Preface


When I came to Singapore I was given a fourth year undergraduate Honours 
Number Theory course. I decided to teach Gauss’s immortal Disquisitiones 
Arithmeticae. This book is the result. 

On historical and mathematical grounds alike number theory has earned a 
place in the curriculum of every mathematics student. This is a textbook for an 
advanced undergraduate or beginning graduate core course in the subject. 
Such a course should stick pretty close to the naive questions, which in 
number theory concern prime numbers and Diophantine equations. The 
emphasis in this book is on Diophantine equations, especially quadratic 
equations in two variables. 

My own conscious interest in Diophantine equations goes back to a long 
winter’s night in a St. Louis basement in 1962 when my father and I tried to 
solve the notorious problem of the monkey and the coconuts as presented by 
Martin Gardner. No one told me then that Diophantine equations belong to a 
subject called “number theory,” and I found little help in the public library. I 
needed a teacher trained in number theory. It pleases me that several of my 
students of Gauss are now teaching in the schools. I might particularly 
mention Mr. Lee Ah Huat with whom I discovered Gauss’s first proof of the 
law of quadratic reciprocity. 

This book is closely based on lectures I gave to able groups of students 
during three consecutive years at the National University of Singapore. I 
thank the students for constantly demanding “the notes,” which was how the 
text began. I tried during the writing always to keep my students in mind, 
always to remember that I was writing a textbook. I have sought to avoid the 
twin traps of doing algebra to the exclusion of number theory and of doing 
only trivial number theory. I take it for granted that the material I have chosen
is interesting. My supreme stylistic goal is clarity. 



By the time this book is published I shall have gone on from Singapore. 
Singapore has been part of my life for three and a half years, and I shall miss 
it. I have many friends here. I wish them all well. 


Singapore 


DAN FLATH 
August 1987 
CHAPTER 1


Prime Numbers and Unique 
Factorization 


1. Introduction 


All introductions to number theory since Gauss’s greatest Disquisitiones
Arithmeticae (1801) have begun the same way, with the aptly named Fundamental
Theorem of Arithmetic. What better place to start?


Theorem 1.1. Fundamental Theorem of Arithmetic. Every integer greater than 
1 can be expressed as a product of prime numbers in one and only one way. 


Thus he who would know the integers well must study the primes. The first 
question to ask is just how many primes are there? We shall soon see that 
there are infinitely many primes, so we had better refine the question. We will 
prove 


Theorem 1.2. Chebyshev. For x > 2, the number of primes that are less than 
x is between (1/10)(x/log x) and 10(x/log x). That is, to within an order of 
magnitude there are x/log x primes less than x. 


We prove Theorem 1.1 in Section 3. The proof will depend upon properties
of greatest common divisors that we will use again and again. A first
application to linear Diophantine equations is the subject of Section 4.

There is a preliminary discussion of the distribution of primes in Section 2. 
A proof of Theorem 1.2 is presented in Section 5. 
2. Prime Numbers


Divisibility is without a doubt the most important concept in number theory. 


Definition. A nonzero integer b is said to divide $a \in \mathbb{Z}$ (written $b \mid a$) iff there
exists $c \in \mathbb{Z}$ such that a = bc. We say then that b is a divisor of a.


Definition. A positive integer n is prime iff n > 1 and there is no factorization
n = ab with positive integers a, b < n.
A positive integer n is composite iff n > 1 and n is not prime.


Note that a positive integer greater than 1 is prime if and only if its only 
positive divisors are itself and 1. 

Every positive integer can be constructed from prime numbers by
multiplication. This fact, the first theorem in the subject of number theory, is the
source of our interest in primes.


Theorem 2.1. Every positive integer n > 1 is a product of prime numbers:
$n = \prod_{i=1}^{r} p_i$, $r \ge 1$.


Proof. By finite induction on n. If n = 2, the assertion is true because 2 is
prime.

Let n > 2 and assume that every positive integer less than n is a product of
primes. If n itself is prime, the assertion of the theorem is clearly true. If n is
composite, write n = ab where 1 < a, b < n. By the inductive hypothesis a
and b are each products of primes. Juxtaposing these products gives a prime
factorization of n. ∎


How many primes are there? The answer was known to Euclid. 
Theorem 2.2. Euclid. There are infinitely many primes. 


Proof. We will show that every finite set of primes omits at least one prime. It 
will follow that no finite set can contain all the primes. 


Let $\{p_1, p_2, \ldots, p_r\}$ be a finite set of prime numbers. By Theorem 2.1,
there is a prime divisor $q$ of $N = p_1 p_2 \cdots p_r + 1$. Because $q \mid N$ but $p_i \nmid N$,
the prime $q$ must be different from $p_1, p_2, \ldots, p_r$. ∎


The occurrence of primes is limited somewhat by the existence of long 
strings of consecutive composite numbers. 
Proposition 2.3. There exist N consecutive composite integers for every N > 1.


Proof. We can take, for example, the sequence $(N+1)! + 2, (N+1)! + 3,
(N+1)! + 4, \ldots, (N+1)! + (N+1)$. None of these numbers is prime
because $i$ divides $(N+1)! + i$ for $2 \le i \le N+1$. ∎


Some theorems of a nature opposite to Proposition 2.3 have been
discovered. For instance, Chebyshev proved that every sequence $N+1,
N+2, \ldots, 2N$ contains at least one prime. It has been conjectured that the
sequences $N^2+1, N^2+2, \ldots, (N+1)^2$ each contain at least one prime too,
but this has never been proved and no counterexample is known.

By definition, a positive number n is prime if it is not divisible by any of
the integers 2, 3, ..., n − 1. It has been known since Eratosthenes, however,
that the number of divisibility checks can be drastically reduced, which greatly
shortens the work of compiling lists of primes.


Proposition 2.4. Sieve of Eratosthenes. Let n be a composite number. Then
there exists a prime p such that $p \mid n$ and $p \le \sqrt{n}$.


Proof. Since n is composite, n = ab with 1 < a, b < n. If $a, b > \sqrt{n}$, then
ab > n. Hence at least one factor, say a, satisfies $a \le \sqrt{n}$. Every prime divisor
p of a will be as desired: $p \mid n$ and $p \le \sqrt{n}$. ∎


Let us find the primes smaller than 60. Begin with a list of the first 60
integers. The primes smaller than $\sqrt{60}$ are 2, 3, 5, and 7. So we strike from the
list, in turn: 1, every second number beginning with 4, every third number
beginning with 9, every fifth number beginning with 25, and finally every
seventh number beginning with 49. Those numbers that remain, 17 in all, are
the primes less than 60. They are circled in Table 1.

TABLE 1 (primes shown in parentheses)

    1  (5)    9 (13) (17)   21   25 (29)   33 (37) (41)   45   49 (53)   57
  (2)    6   10   14   18   22   26   30   34   38   42   46   50   54   58
  (3)  (7) (11)   15 (19) (23)   27 (31)   35   39 (43) (47)   51   55 (59)
    4    8   12   16   20   24   28   32   36   40   44   48   52   56   60


The arrangement of Table 1, imagined now to continue indefinitely to the
right, suggests some questions about the distribution of primes. By Theorem
2.2 we know that an infinite number of columns of the extended table will
contain a prime. Is there an infinite number of columns containing two
primes? No one knows the answer.
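
The striking procedure and the row and column layout of Table 1, as an added Python example (not code from the book). The function names are chosen here for illustration; the limit 60 is the one used in the text.

```python
from math import isqrt


def sieve(limit):
    """Return all primes <= limit by the striking procedure of the text."""
    if limit < 2:
        return []
    is_prime = [True] * (limit + 1)
    is_prime[0] = is_prime[1] = False          # strike 1 first
    # Proposition 2.4: a composite n <= limit has a prime divisor p <= sqrt(n),
    # so only primes p <= sqrt(limit) are needed for striking.
    for p in range(2, isqrt(limit) + 1):
        if is_prime[p]:
            # every p-th number beginning with p*p (smaller multiples of p
            # were already struck by a smaller prime)
            for multiple in range(p * p, limit + 1, p):
                is_prime[multiple] = False
    return [n for n, flag in enumerate(is_prime) if flag]


def rows_of_table(primes):
    """Group primes by the row of Table 1 they fall in (row i holds i + 4k)."""
    rows = {1: [], 2: [], 3: [], 4: []}
    for p in primes:
        rows[(p - 1) % 4 + 1].append(p)
    return rows


def two_prime_columns(limit):
    """Columns k of Table 1 (entries 4k+1 .. 4k+4) that contain two primes."""
    primes = set(sieve(limit))
    found = []
    for k in range(limit // 4):
        in_column = [n for n in range(4 * k + 1, 4 * k + 5) if n in primes]
        if len(in_column) >= 2:
            found.append((k, in_column))
    return found


if __name__ == "__main__":
    primes = sieve(60)
    print(len(primes), primes)
    for row, members in rows_of_table(primes).items():
        print("row", row, members)
    print(two_prime_columns(60))
```

Apart from column 0, which holds 2 and 3, a column with two primes is a pair 4k + 1, 4k + 3 of primes differing by 2.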

The infinite set of odd primes divides itself between the first and third rows 
of Table 1. At least one of those rows must contain an infinite number of 
primes. Which is it? Observe that the ith row of Table 1 consists of the 
integers i+ 4k, k =0,1,2,.... We have: 


Theorem 2.5. There is an infinite number of integers k > 0 such that 3 + 4k 
is prime. 


Proof. We can imitate the proof of Theorem 2.2. Let $p_1, \ldots, p_r$ be a list of
prime numbers of the form 3 + 4k. Let $N = 4p_1 \cdots p_r - 1$. Since N is odd,
all its prime divisors lie in rows 1 and 3 of Table 1; that is, each of its prime
divisors is of the form 1 + 4k or 3 + 4k. An easy exercise shows that every
product of integers of the form 1 + 4k is itself also of the form 1 + 4k. Since
N is not of this form, it must have a prime divisor $q$ of the form 3 + 4k.
Because $q \mid N$ but $p_i \nmid N$, the prime $q$ must be different from $p_1, \ldots, p_r$. We
have shown that every finite list of primes of the form 3 + 4k is incomplete. ∎


Thus the third row of Table 1 contains infinitely many prime numbers. The
first row also contains an infinite number of primes, a fact whose proof will be
deferred until after the discussion of some elementary properties of
congruences.

It is natural now to ask, for given a and b, whether there is an infinite
number of integers X for which aX + b is a prime number. An obvious
necessary condition is that a and b have no prime divisor in common, for if a
prime p divides both a and b, then it will also divide aX + b for every X.
One of the mathematical high points of the nineteenth century was Dirichlet’s
proof, introducing powerful new analytic methods into number theory, that
this necessary condition is also sufficient. We state without proof Dirichlet’s
Theorem on Primes in Arithmetic Progressions.


Theorem. Dirichlet. Let $a, b \in \mathbb{Z}$ with a > 1. If there is no prime that divides
both a and b, then aX + b is a prime number for infinitely many positive
integers X.


What if we replace the linear polynomial aX + b by a polynomial in X of
higher degree? Absolutely nothing is known, not even for the simplest case,
which is the polynomial $X^2 + 1$. It is suspected but not proved that $X^2 + 1$ is
prime for an infinite number of integers X.

Polynomials in more than one variable are interesting too. Fermat, in the
seventeenth century, created modern number theory by considering the
polynomial $X^2 + Y^2$. He proved that the equation $X^2 + Y^2 = p$ is solvable in
integers X, Y for every prime number p that is of the form 4k + 1 (row 1 of
Table 1) and for no prime number p of the form 4k + 3 (row 3 of Table 1).
Thus there is an infinite number of primes of the form $X^2 + Y^2$. We will
present several proofs of Fermat’s theorem later. Following the historical path,
we will then take up the theory of the general binary quadratic form
$aX^2 + bXY + cY^2$.


Exercises 


1. i. Show that the set of integers S = {1,5,9,13,...} is a multiplicative set 
(i.e., that the product of any two elements of S lies in S). 


ii. An S-prime is a number in S other than 1 that is not the product of 
two smaller numbers in S. Prove that every element of S is a product 
of S-primes but that such a factorization is not always unique. 


2. Prove that if $2^n + 1$ is prime, then n is a power of 2. Compute $2^{2^n} + 1$ for
n = 0, 1, 2, 3, 4. Are they prime?


3. Show that if m < n, then $2^{2^m} + 1$ divides $2^{2^n} - 1$ and so there is no prime
number that divides both $2^{2^m} + 1$ and $2^{2^n} + 1$. Conclude that there are
infinitely many prime numbers.


4. Prove that if $M_p = 2^p - 1$ is prime, then p itself is prime. Compute $M_p$
for p = 2, 3, 5, 7, 11. Are they prime? (The largest prime known in 1988 is
$M_{216091}$.)


5. Prove that there are infinitely many primes of the form 3k + 2. Prove that 
every such prime except 2 is also of the form 6k + 5. 


6. Deduce from Dirichlet’s theorem that there are infinitely many primes 
with final digit any of 1,3,7,9. Show similarly that there are infinitely 
many primes whose final two digits are 37. 


7. Find all primes less than 200 by hand. Using a computer, list all primes 
less than 1000. How many of these primes have final digit 1? final digit 3? 
5? 7? 9? Find all primes p < 1000 such that p + 2 is also prime. For 
which of these p is p + 4 also prime? For which is p + 6 also prime? For 
which are p + 6 and p + 8 both prime? 
8. On the basis of experiment, formulate a conjecture telling for which prime
numbers p there exist integers X and Y such that $X^2 + 3Y^2 = p$. Do the
same for the equation $X^2 + XY - Y^2 = p$.


9. Prove that there is no nonconstant polynomial f(X) with integer
coefficients such that f(n) is prime for every positive integer n.


10. Let N be a positive odd integer. Let $x = \inf\{n \in \mathbb{Z} \mid n \ge \sqrt{N}$ and $n^2 - N$
is the square of an integer$\}$. Let $y = \sqrt{x^2 - N}$. Prove that x − y is the
largest divisor of N that is less than or equal to $\sqrt{N}$.


3. Unique Factorization 


It was discovered in ancient times that the set of common divisors of any two
integers is equal to the set of all divisors of a single third integer, called their
greatest common divisor. The greatest common divisor can be calculated by a
very efficient procedure, today known as the Euclidean algorithm. This
algorithm is the key to understanding factorization in the ring of integers. Our
proof that factorization of integers into products of primes can be done in
only one way, the principal result of this chapter, will be based solidly upon it.
This story begins with the possibility of division with remainder.


Proposition 3.1. Division Algorithm. Let $a, b \in \mathbb{Z}$ with $b \ne 0$. There exist
$q, r \in \mathbb{Z}$ such that a = qb + r and |r| < |b|. (That is, we can divide a by b,
getting quotient q with a remainder r which is smaller than the divisor b.)


Proof. Let q be the largest integer that is less than or equal to the rational
number a/b. From the inequalities $q \le a/b < q + 1$, we deduce that
|a/b − q| < 1. Let r = a − qb. Note that r is an integer because a, q, and b
are integers. Finally, compute |r| = |b(a/b − q)| = |b| |a/b − q| < |b|. ∎


Definition. An integer c is a common divisor of two integers a and b iff c
divides both a and b. It is a greatest common divisor (GCD) of a and b iff it
is a common divisor of a and b and is itself divisible by all other such
common divisors.


Proposition 3.2. Euclidean Algorithm. There is a greatest common divisor for 
every pair of integers not both zero. It can be computed by a finite number of 
applications of the division algorithm. 
Proof. Let a, b be integers with $b \ne 0$. If $b \mid a$, then b is a GCD of a and b. If
not, write inductively, using Proposition 3.1,

$$
\begin{aligned}
a &= q_1 b + r_1, \\
b &= q_2 r_1 + r_2, \\
r_1 &= q_3 r_2 + r_3, \\
&\ \ \vdots \\
r_{i-2} &= q_i r_{i-1} + r_i, \\
&\ \ \vdots
\end{aligned}
$$

where $q_i, r_i \in \mathbb{Z}$ and $|b| > |r_1| > |r_2| > \cdots$. Because the $|r_i|$ are nonnegative
integers, the process must stop with an integer $M \ge 1$ such that $r_{M+1} = 0$. We
claim that $r_M$ is a GCD for a and b.

From the equation $a = q_1 b + r_1$, it is evident that every common divisor of
a and b must also divide $r_1$ and that every common divisor of b and $r_1$ must
also divide a. Hence $S(a, b) = S(b, r_1)$, where we write S(m, n) for the set of
common divisors of two integers m, n. Consideration in turn of the succeeding
equations above shows similarly that $S(b, r_1) = S(r_1, r_2)$ and that
$S(r_m, r_{m+1}) = S(r_{m+1}, r_{m+2})$ for $m \ge 1$. Thus $S(a, b) = S(r_M, r_{M+1})$. But since $r_{M+1} = 0$
and every nonzero integer divides 0, $S(r_M, r_{M+1})$ is just the set of all divisors
of $r_M$, including $r_M$. We conclude that the set of common divisors of a and b
consists of $r_M$ and the divisors of $r_M$. It is now clear that $r_M$ is a GCD of a
and b, as claimed. ∎


In fact, every nonzero pair of integers has exactly two greatest common
divisors, one positive and one negative. Indeed, if $c_1$ and $c_2$ are both GCDs of
a and b, then $c_1 \mid c_2$ and $c_2 \mid c_1$, which shows that $c_1/c_2$ and $c_2/c_1$ are both
integers. Hence $c_1/c_2 = \pm 1$ and $c_1 = \pm c_2$. We will denote the positive
greatest common divisor of a and b by GCD(a, b). The integers a and b are
said to be relatively prime iff GCD(a, b) = 1.

The usefulness of GCDs derives mainly from their most important
property, which is stated as the next proposition.


Proposition 3.3. Let a,b be integers not both zero and let c be a greatest 
common divisor of a and b. Then there exist integers x, y such that ax + 
by = c. 


Proof. It is enough to prove the proposition when c is any one of the two
GCDs of a and b, for if ax + by = c, then a(−x) + b(−y) = −c.

Assume that $b \ne 0$. If $b \mid a$, then b is a GCD of a and b, and b = a(0) +
b(1).

Now suppose that $b \nmid a$, and adopt the notation of the proof of Proposition
3.2. We must prove that there exist integers $x, y \in \mathbb{Z}$ such that $r_M = ax + by$.
We show more generally that there exist $x_i, y_i \in \mathbb{Z}$ such that $r_i = ax_i + by_i$
for i = 1, 2, ..., M. The proof is by induction on i. The cases i = 1 and i = 2
come from the calculations

$$
\begin{aligned}
r_1 &= a(1) + b(-q_1), \\
r_2 &= b - q_2(a - q_1 b) = a(-q_2) + b(1 + q_1 q_2).
\end{aligned}
$$

Now assume that m > 2 and that the existence of $x_i, y_i$ has been proved for
all i < m. Then

$$
\begin{aligned}
r_m = r_{m-2} - q_m r_{m-1} &= (a x_{m-2} + b y_{m-2}) - q_m (a x_{m-1} + b y_{m-1}) \\
&= a(x_{m-2} - q_m x_{m-1}) + b(y_{m-2} - q_m y_{m-1}).
\end{aligned}
$$

So taking $x_m = x_{m-2} - q_m x_{m-1}$ and $y_m = y_{m-2} - q_m y_{m-1}$ completes the
induction. ∎


Lemma 3.4. Euclid’s Lemma. If a prime number divides a product $a_1 a_2 \cdots a_n$
of integers, then it must divide one of the $a_i$.


Proof. The proof is by induction on n, the number of factors in the product. If
n = 1 there is nothing to prove.

The crucial case is that of n = 2, so let p be a prime divisor of a product
ab. We must show that if $p \nmid a$, then $p \mid b$. Suppose that p does not divide a.
Since 1 and p are the only positive divisors of p, we must have that
GCD(p, a) = 1. By Proposition 3.3 there exist $x, y \in \mathbb{Z}$ such that ax + py
= 1. Multiply by b to get (ab)x + pby = b. Both terms on the left side of this
equation are visibly divisible by p. Hence b, which is their sum, is also
divisible by p.

Now let N > 2 and assume that the proposition has been proved for all
n < N. Let p be a prime divisor of $(a_1 a_2 \cdots a_{N-1}) a_N$. By the preceding
paragraph, p must divide either $a_N$ or $a_1 a_2 \cdots a_{N-1}$. In the latter case, the
inductive hypothesis implies that p divides $a_j$ for some $j \le N - 1$. Hence, in
all cases, p must divide one of the factors $a_1, a_2, \ldots, a_N$. ∎


The Fundamental Theorem of Arithmetic, Theorem 1.1, can now be proved. 
It is the conjunction of our next result with Theorem 2.1. 


Theorem 3.5. Uniqueness of Factorization. Apart from rearrangements of the 
prime factors, a positive integer can be expressed as a product of primes in 
only one way. 


Proof. Let n be a positive integer. Suppose that $n = p_1 p_2 \cdots p_r = q_1 q_2 \cdots q_s$
where the $p_i$ and $q_i$ are all prime. We must show that r = s and that after a
possible reordering of the $q$'s, $p_i = q_i$ for i = 1, 2, ..., r.

The proof is by induction on n. There is nothing to prove if n = 1. Let
n > 1 and assume that the theorem has been proved for all positive integers
less than n. If n is prime, then it has only one prime divisor, namely itself.
Hence r = s = 1 and $p_1 = q_1 = n$. Suppose that n is composite. The prime $p_1$
divides the product $q_1 q_2 \cdots q_s$, so by Euclid’s lemma $p_1$ must divide $q_j$ for
some j. After rearranging the $q$'s if necessary, we may assume that $p_1 \mid q_1$.
Because $q_1$ is prime, $p_1 = q_1$. Thus $n/p_1 = p_2 \cdots p_r = q_2 \cdots q_s$. By the
inductive hypothesis, $n/p_1$ has only one factorization as a product of primes.
Thus r = s and $p_i = q_i$ for i = 2, ..., r. ∎


We conclude this section with two lemmas that we will need in the sequel. 
Their simple proofs illustrate nicely the use of Proposition 3.3. 


Lemma 3.6. Let $a, b, m \in \mathbb{Z}$ with $m \ne 0$. If $m \mid ab$ and GCD(m, a) = 1, then
$m \mid b$.


Proof. By Proposition 3.3 there exist $x, y \in \mathbb{Z}$ such that ax + my = 1. After
multiplying by b, one finds that (ab)x + mby = b. Since m divides both terms
on the left side of the equation, it must also divide b, which is their sum. ∎


Lemma 3.7. Let $a, b \in \mathbb{Z}$, with a and b not both zero, and let d = GCD(a, b).
Then GCD(a/d, b/d) = 1.


Proof. By Proposition 3.3 there exist $x, y \in \mathbb{Z}$ such that ax + by = d. Thus
(a/d)x + (b/d)y = 1. From this equation we see that all common divisors of
a/d and b/d must divide 1. Hence, the only common divisors of a/d and
b/d are $\pm 1$. ∎


Exercises 


1. Show that the integers q and r of Proposition 3.1 are not necessarily
uniquely determined by the pair (a, b).


2. Show that $\mathrm{GCD}(2^e - 1, 2^f - 1) = 2^{\mathrm{GCD}(e,f)} - 1$ for every pair of positive
integers e, f.

3. Define the Fibonacci sequence by $F_0 = 0$, $F_1 = 1$, $F_n = F_{n-1} + F_{n-2}$ for
$n \ge 2$.


i. Prove that 


ii. Show that if m > n, then $\mathrm{GCD}(F_m, F_n) = \mathrm{GCD}(F_{m-n}, F_n)$.
iii. Prove that $\mathrm{GCD}(F_m, F_n) = F_{\mathrm{GCD}(m,n)}$.


4. Let $a, b, q_i, r_i \in \mathbb{C}$ with $b \ne 0$, all $q_i \ne 0$, $r_i \ne 0$ for $i \le M$, and $r_{M+1} = 0$.
Suppose that

$$
\begin{aligned}
a &= q_1 b + r_1, \\
b &= q_2 r_1 + r_2, \\
r_{i-1} &= q_{i+1} r_i + r_{i+1}, \qquad i = 2, 3, \ldots, M.
\end{aligned}
$$


Show that 


1 
a 


Qm+1 


5. Write a computer program that computes the GCD of two positive
integers.


6. Let $a, b, m \in \mathbb{Z}$ with $a \ne 0$, $b \ne 0$ satisfy GCD(a, b) = 1. Prove that if
$a \mid m$ and $b \mid m$, then $ab \mid m$.


7. Let a and b be nonzero integers such that GCD(a, b) = 1. Show that
GCD(m, ab) = GCD(m, a)GCD(m, b) for all $m \in \mathbb{Z}$.


8. Let $D_n$ be the set of positive divisors of a positive integer n. Given two
positive integers m and n, define a function $\psi: D_m \times D_n \to D_{mn}$ by the
formula $\psi(a, b) = ab$. Prove that if GCD(m, n) = 1, then $\psi$ is a
bijection. What is the inverse?


9. Define d(n) to be the number of positive divisors of a positive integer n.
Prove that d(mn) = d(m)d(n) if GCD(m, n) = 1. Compute $d(p^a q^b r^c)$
where p, q, and r are distinct primes.


10. Let $\sigma(n)$ be the sum of the positive divisors of a positive integer n. Prove
that $\sigma(mn) = \sigma(m)\sigma(n)$ if GCD(m, n) = 1. Compute $\sigma(p^a q^b r^c)$ where
p, q, and r are distinct primes.


11. Show that every rational number can be written in one and only one way
as m/n with integers m, n such that GCD(m, n) = 1 and n > 0.



12. A positive integer is called a perfect number iff it is equal to the sum of all
its positive divisors other than itself.

i. Prove that $2^{p-1}(2^p - 1)$ is a perfect number if $2^p - 1$ is prime. Find
the first four perfect numbers that arise in this way.

ii. Prove that every even perfect number is of the form $2^{p-1}(2^p - 1)$
where both p and $2^p - 1$ are prime. (Hint: Let n be even perfect.
Write $n = 2^{p-1}s$ with s odd.) It is not known whether there are any
odd perfect numbers.


13. Let $m, a_1, a_2, \ldots, a_k$ be integers such that $\mathrm{GCD}(m, a_i) = 1$ for all i.
Prove that $\mathrm{GCD}(m, \prod_{i=1}^{k} a_i) = 1$.


14. We say that $c \ne 0 \in \mathbb{Z}$ is a least common multiple of two nonzero integers
a, b iff c is divisible by both a and b and itself divides any other integer
with the same property. Prove that ab/GCD(a, b) is a least common
multiple of a and b.


15. For a positive integer n and prime number p, define $\mathrm{ord}_p(n)$ to be that
integer $t \ge 0$ such that $p^t \mid n$ but $p^{t+1} \nmid n$. Write n as a product of primes,
say $n = p_1 p_2 \cdots p_r$. Using only Lemma 3.4, prove that $\mathrm{ord}_p(n)$ equals
the number of times p occurs among the factors $p_1, p_2, \ldots, p_r$. Hence
prove Theorem 3.5.


16. Let $n = \prod p_i^{n_i}$ where the $p_i$ are distinct prime numbers and the $n_i$ are
nonnegative integers. Prove that every nonzero integer a that divides n
has a factorization $a = \pm\prod p_i^{a_i}$ where $0 \le a_i \le n_i$ for all i.


17. Prove that $\log_{10} 2$ is irrational.

18. Let $a, b, m \in \mathbb{Z}$ with $m \ne 0$ and GCD(a, b) = 1.


i. Prove that if $ab = m^3$, then a and b are cubes of integers.


ii. What conclusion about a and b can be drawn if $ab = m^2$?


19. Let $a \ne 0 \in \mathbb{Q}$. Prove that a can be uniquely expressed as $a = m^2 n$
where $m \in \mathbb{Q}$ and n is a squarefree integer (i.e., n is not divisible by the
square of any prime).


4. $a_1X_1 + a_2X_2 + \cdots + a_rX_r = n$


Proposition 4.1. Let $a, b, n \in \mathbb{Z}$ with a and b not both zero. The following
two assertions are equivalent.


1. aX + bY = n has a solution in integers X, Y.
2. $\mathrm{GCD}(a, b) \mid n$.

Proof. $1 \Rightarrow 2$. Suppose that $X, Y \in \mathbb{Z}$ and that aX + bY = n. Since
GCD(a, b) divides both a and b, it must divide both aX and bY and hence
also their sum, which is n.

$2 \Rightarrow 1$. Suppose that $n = t \cdot \mathrm{GCD}(a, b)$, where $t \in \mathbb{Z}$. By Proposition 3.3
there exist integers x, y such that ax + by = GCD(a, b). Then aX + bY = n
with X = xt and Y = yt. ∎


Note that the proof of the implication $2 \Rightarrow 1$ in Proposition 4.1 gives a
method of finding an integral solution of the equation aX + bY = n if it has
one. Proposition 4.2 will tell how to find all such solutions if just one is known.


Proposition 4.2. Let $a, b, n \in \mathbb{Z}$ with a and b not both zero. Let $x_0, y_0 \in \mathbb{Z}$
and suppose that $X = x_0$, $Y = y_0$ is a solution of the equation aX + bY = n.
Then all solutions in integers X, Y of the equation aX + bY = n are obtained
through the formulas $X = x_0 + (b/d)t$, $Y = y_0 - (a/d)t$, where d =
GCD(a, b) and $t \in \mathbb{Z}$.


Proof. First note that all X, Y obtained through the stated formulas actually
are integer solutions of the equation aX + bY = n. It remains to prove that
there are no other solutions.

Taking the difference of aX + bY = n and $ax_0 + by_0 = n$ and then
dividing by d yields the equation

$$\frac{a}{d}(X - x_0) + \frac{b}{d}(Y - y_0) = 0. \qquad (*)$$

Suppose that $b \ne 0$. Then $b/d \mid (a/d)(X - x_0)$. By Lemma 3.7 we know that
a/d and b/d are relatively prime. It then follows from Lemma 3.6 that
$b/d \mid X - x_0$, so there exists $t \in \mathbb{Z}$ such that $X - x_0 = (b/d)t$. Substituting
back into (*) shows that $Y - y_0 = -(a/d)t$. Finally, if b = 0, the equation is
aX = n, which has general solution $X = n/a = x_0$ and Y an arbitrary integer.
The proposition holds because in this case $a/d = \pm 1$. ∎
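
An added Python example, not from the book, that carries out the proofs of Propositions 3.3, 4.1 and 4.2: `bezout` runs the recurrence $x_m = x_{m-2} - q_m x_{m-1}$, $y_m = y_{m-2} - q_m y_{m-1}$, and `solve_linear` returns one solution of aX + bY = n together with the step (b/d, −a/d). The function names and sample numbers are assumptions of this example; `inverse_mod` goes one step beyond the text by reducing the x of ax + my = 1 modulo m.

```python
def bezout(a, b):
    """Return (g, x, y) with a*x + b*y == g, where g = GCD(a, b) > 0.

    Every remainder r_i of the Euclidean algorithm is kept in the form
    r_i = a*x_i + b*y_i, exactly as in the proof of Proposition 3.3.
    """
    if a == 0 and b == 0:
        raise ValueError("GCD(0, 0) is not defined")
    r_prev, x_prev, y_prev = a, 1, 0      # a = a*1 + b*0
    r_cur, x_cur, y_cur = b, 0, 1         # b = a*0 + b*1
    while r_cur != 0:
        q = r_prev // r_cur               # floor quotient (Proposition 3.1)
        r_prev, r_cur = r_cur, r_prev - q * r_cur
        x_prev, x_cur = x_cur, x_prev - q * x_cur
        y_prev, y_cur = y_cur, y_prev - q * y_cur
    if r_prev < 0:                        # choose the positive of the two GCDs
        r_prev, x_prev, y_prev = -r_prev, -x_prev, -y_prev
    return r_prev, x_prev, y_prev


def solve_linear(a, b, n):
    """Solve a*X + b*Y == n in integers.

    Returns None when GCD(a, b) does not divide n (Proposition 4.1).
    Otherwise returns ((x0, y0), (dx, dy)): every solution is
    (x0 + dx*t, y0 + dy*t) for an integer t (Proposition 4.2).
    """
    d, x, y = bezout(a, b)
    if n % d != 0:
        return None
    t = n // d
    return (x * t, y * t), (b // d, -(a // d))


def inverse_mod(a, m):
    """Return x in [0, m) with a*x == 1 (mod m); requires GCD(a, m) == 1."""
    g, x, _ = bezout(a, m)
    if g != 1:
        raise ValueError("a and m are not relatively prime")
    return x % m


if __name__ == "__main__":
    # Constructed sample values, not taken from the book.
    print(bezout(240, 46))                # (2, -9, 47)
    (x0, y0), (dx, dy) = solve_linear(240, 46, 10)
    for t in range(-2, 3):
        X, Y = x0 + dx * t, y0 + dy * t
        print(t, X, Y, 240 * X + 46 * Y)
    print(solve_linear(240, 46, 7))       # None: 2 does not divide 7
    print(inverse_mod(17, 3120))          # 2753
```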


We next extend the notion of greatest common divisor, as preparation for a
study of the equation $a_1X_1 + a_2X_2 + \cdots + a_rX_r = n$.


Definition. An integer c is a greatest common divisor for a set $S \subset \mathbb{Z}$ iff c
divides every element of S and is itself divisible by all other integers with the
same property.


The existence of greatest common divisors is taken care of by the following 
lemma, which in fact shows how to compute them. 



Lemma 4.3. Let $a_1, a_2, \ldots \in \mathbb{Z}$ with $a_1 \ne 0$. Let $c_1 = a_1$ and let $c_i =
\mathrm{GCD}(c_{i-1}, a_i)$ for $i \ge 2$. Then $c_r$ is a greatest common divisor for
$\{a_1, a_2, \ldots, a_r\}$ for all $r \ge 1$. Moreover, there exist integers $x_i$ such that
$\sum_{i=1}^{r} a_i x_i = c_r$.


Proof. By induction on r. There is nothing to prove if r = 1, so suppose n > 1
and that the lemma has been proved for r = n − 1. The inductive hypothesis
asserts that $c_{n-1}$ is a GCD for $\{a_1, \ldots, a_{n-1}\}$. A common divisor of
$a_1, a_2, \ldots, a_{n-1}, a_n$ divides each of $a_1, a_2, \ldots, a_{n-1}$ and must therefore divide
$c_{n-1}$; because it also divides $a_n$, it must divide $c_n = \mathrm{GCD}(c_{n-1}, a_n)$ as well.
On the other hand, $c_n$ divides both $c_{n-1}$ and $a_n$ and hence divides each of
$a_1, a_2, \ldots, a_n$. Therefore $c_n$ is a GCD for $\{a_1, a_2, \ldots, a_n\}$.

Finally, by the inductive hypothesis there exist $x_i' \in \mathbb{Z}$ such that
$\sum_{i=1}^{n-1} a_i x_i' = c_{n-1}$. By Proposition 3.3 there exist $x, y \in \mathbb{Z}$ such that
$c_{n-1}x + a_n y = c_n$. We calculate

$$c_n = \sum_{i=1}^{n-1} a_i (x_i' x) + a_n y.$$

Thus $c_n = \sum_{i=1}^{n} a_i x_i$, with $x_i = x_i' x$ for i < n and $x_n = y$. ∎

A finite set of integers not all zero has exactly two GCDs differing only in
sign, as in the case of GCDs for pairs of integers. We will write
$\mathrm{GCD}(a_1, \ldots, a_r)$ for the positive greatest common divisor.


Theorem 4.4. Let $a_1, a_2, \ldots, a_r, n \in \mathbb{Z}$ with the $a_i$ not all zero. The following
two statements are equivalent:


1. $a_1X_1 + a_2X_2 + \cdots + a_rX_r = n$ has a solution in integers $X_i$.
2. $\mathrm{GCD}(a_1, a_2, \ldots, a_r) \mid n$.


Proof. Formally identical to the proof of Proposition 4.1. ∎


We next ask for all integral solutions of the equation $\sum a_i X_i = n$. The key
lemma is as follows.


Lemma 4.5. Let $a = (a_1, \ldots, a_r) \ne 0 \in \mathbb{Z}^r$ and let $d = \mathrm{GCD}(a_1, a_2, \ldots, a_r)$.
Then there exists an $r \times r$ matrix C with integer entries and determinant
equal to $\pm 1$ such that
$aC = (0, 0, \ldots, 0, d)$.


Proof. The proof is by induction on r, the length of the vector a.

If r = 1, then $d = |a_1|$, so we may take $C = (\operatorname{sign}(a_1))$.

Now let $r \ge 2$, and suppose that Lemma 4.5 has been proved for all vectors
of length less than r. If $a_1 = a_2 = \cdots = a_{r-1} = 0$, then we may take

r 


where $I_{r-1}$ is the $(r-1) \times (r-1)$ identity matrix and the two zeroes
represent matrices all of whose entries are zero. So suppose that $(a_1, \ldots, a_{r-1})
\ne 0 \in \mathbb{Z}^{r-1}$. Let $c = \mathrm{GCD}(a_1, \ldots, a_{r-1})$. By the inductive hypothesis there is
an $(r-1) \times (r-1)$ matrix A with integer entries and determinant equal to
$\pm 1$ such that $(a_1, \ldots, a_{r-1})A = (0, \ldots, 0, c) \in \mathbb{Z}^{r-1}$. Let $A^*$ be the $r \times r$
matrix


We have $aA^* = (0, \ldots, 0, c, a_r)$. By Lemma 4.3, $d = \mathrm{GCD}(c, a_r)$. Therefore
by Proposition 3.3 there exist integers x, y such that $cx + a_r y = d$. The $2 \times 2$
integer matrix


XxX 


a, 
d 


which has determinant equal to +1, satisfies the equation $(c, a_r)B = (0, d)$.
Hence the $r \times r$ integer matrix


[2 0 

CAN es a as 

0 .B 
has determinant equal to $\pm 1$ and satisfies the equation $aC = (0, \ldots, 0, d)$ as
required. ∎


Note that the proof of existence of C in Lemma 4.5 is quite constructive; it
shows how to calculate an explicit matrix C for any a. This calculation
amounts to the complete resolution of the linear Diophantine equation
$a_1X_1 + a_2X_2 + \cdots + a_rX_r = n$, as is shown by our next theorem.


Theorem 4.6. Let a, d, and C be as in Lemma 4.5. For i = 1, 2, ..., r, let $c_i$
denote the ith column of the matrix C. Let $N \in \mathbb{Z}$.

i. $x = \begin{pmatrix} x_1 \\ \vdots \\ x_r \end{pmatrix} \in \mathbb{Z}^r$ solves the equation $\sum_{i=1}^{r} a_i x_i = Nd$ if and only if there
exist integers $m_i$ such that $x = \sum_{i=1}^{r-1} m_i c_i + N c_r$.
ii. The set of integer solutions of the equation $\sum_{i=1}^{r} a_i X_i = 0$ is a subgroup
of $\mathbb{Z}^r$ that is isomorphic to $\mathbb{Z}^{r-1}$.


Proof. i. Let $y = x - Nc_r$. Then

$$
\begin{aligned}
ax = Nd &\iff ay = 0 \\
&\iff aC(C^{-1}y) = (0 \cdots 0\ d)\,C^{-1}y = 0 \\
&\iff C^{-1}y = m = \begin{pmatrix} m_1 \\ \vdots \\ m_{r-1} \\ 0 \end{pmatrix} \text{ for some integers } m_1, m_2, \ldots, m_{r-1} \\
&\iff y = Cm = m_1c_1 + m_2c_2 + \cdots + m_{r-1}c_{r-1}.
\end{aligned}
$$

ii. For $m = (m_1, \ldots, m_{r-1}) \in \mathbb{Z}^{r-1}$, define $\phi(m) = \sum_{i=1}^{r-1} m_i c_i$. By part i, $\phi$
is a surjective homomorphism from $\mathbb{Z}^{r-1}$ onto the group of integer solutions
of the equation $\sum_{i=1}^{r} a_i X_i = 0$. Because C has nonzero determinant, its
columns $c_i$ are linearly independent. This implies that $\phi$ is injective. Hence $\phi$ is
an isomorphism. ∎


As an example, consider the equation 5X + 7Y + 11Z = 2. The matrix

$$C = \begin{pmatrix} 7 & -44 & -4 \\ -5 & 33 & 3 \\ 0 & -1 & 0 \end{pmatrix}$$

is as demanded in Lemma 4.5 where we take a = (5, 7, 11). The complete
integral solution of the equation can therefore be given as

X = 7m − 44n − 8,

Y = −5m + 33n + 6,

Z = −n, where $m, n \in \mathbb{Z}$.
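
An added Python example (not the book's code) that computes a matrix C as in Lemma 4.5 and the general solution of Theorem 4.6. Instead of the inductive product of block matrices used in the proof, it applies Euclid's division steps as integer column operations to the identity matrix, which also gives determinant ±1, so the C it returns need not equal the one printed above; the function names are chosen here, and `BOOK_C` is the matrix of the worked example.

```python
from functools import reduce
from math import gcd

BOOK_C = [[7, -44, -4], [-5, 33, 3], [0, -1, 0]]   # matrix of the example above


def unimodular_reduction(a):
    """Return (C, d) with C an integer matrix, det C = +-1, a.C = (0,...,0,d)."""
    r = len(a)
    if not any(a):
        raise ValueError("the vector a must be nonzero")
    v = list(a)                                   # invariant: v == a . C
    C = [[int(i == j) for j in range(r)] for i in range(r)]
    last = r - 1

    def add_multiple(src, dst, k):                # column dst += k * column src
        v[dst] += k * v[src]
        for row in C:
            row[dst] += k * row[src]

    def swap(i, j):                               # exchange columns i and j
        v[i], v[j] = v[j], v[i]
        for row in C:
            row[i], row[j] = row[j], row[i]

    for i in range(last):
        # Euclidean algorithm on the pair (v[i], v[last]): each pass replaces
        # v[last] by its remainder modulo v[i] and swaps, until v[i] == 0.
        while v[i] != 0:
            add_multiple(i, last, -(v[last] // v[i]))
            swap(i, last)
    if v[last] < 0:                               # make d the positive GCD
        v[last] = -v[last]
        for row in C:
            row[last] = -row[last]
    return C, v[last]


def det(M):
    """Integer determinant by cofactor expansion (fine for small matrices)."""
    if len(M) == 1:
        return M[0][0]
    return sum((-1) ** j * M[0][j] * det([row[:j] + row[j + 1:] for row in M[1:]])
               for j in range(len(M)))


def satisfies_lemma(a, C):
    """Check the two conclusions of Lemma 4.5 for a given matrix C."""
    r = len(a)
    image = [sum(a[i] * C[i][j] for i in range(r)) for j in range(r)]
    d = reduce(gcd, a)
    return abs(det(C)) == 1 and not any(image[:-1]) and image[-1] == d


def general_solution(a, n):
    """Theorem 4.6: return (particular, generators) for sum(a_i X_i) == n,
    or None when GCD(a) does not divide n (Theorem 4.4)."""
    C, d = unimodular_reduction(a)
    if n % d != 0:
        return None
    r = len(a)
    columns = [[C[i][j] for i in range(r)] for j in range(r)]
    particular = [(n // d) * entry for entry in columns[-1]]   # N * c_r
    return particular, columns[:-1]                            # c_1 .. c_{r-1}


def instantiate(particular, generators, m):
    """The solution x = sum(m_i c_i) + N c_r for integer parameters m."""
    return [p + sum(mi * g[k] for mi, g in zip(m, generators))
            for k, p in enumerate(particular)]


if __name__ == "__main__":
    a = [5, 7, 11]
    print(satisfies_lemma(a, BOOK_C))
    C, d = unimodular_reduction(a)
    print(C, d, satisfies_lemma(a, C))
    particular, generators = general_solution(a, 2)
    print(instantiate(particular, generators, (1, -2)))
```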
The theory developed in this section can be extended to include systems of
s linear Diophantine equations in r variables. The extension, called the theory
of elementary divisors, is perhaps best presented as a study of canonical forms
for group homomorphisms from $\mathbb{Z}^r$ to $\mathbb{Z}^s$. It is of great importance but lies
beyond the scope of this book.


Exercises 


1. Let a = 1587645 and b = 6755. Compute d = GCD(a, b). Find all in- 
tegers X, Y such that aX + bY = d. 


2. Let a, b be positive integers with GCD(a, b) = 1. Show that there exist 
integers x, y > 0 such that ax + by = n for every integer n > ab — a — b, 
but that there do not exist such integers for n = ab — a — b. 


3. Find all integer solutions of the equation 2X* — XY — 3Y? = 8. 


4. Find all integer solutions: 
i 2X + 3Y + 5Z = 1; 
li, 6X + 15Y + 35Z = 1. 


5. Write a computer program that accepts as input a vector a = (d,,..., a,) 
# Q © Z’ and prints out a matrix C as in Lemma 4.5. 


6. Deduce Theorem 4.4 from Lemma 4.5. 


7. Let @: Z’ — Z be a nonzero homomorphism of abelian groups. Prove that 
ker(¢?) = Z’~? and that im(¢) = Z. 


8. Let a,b,c be nonzero integers that are pairwise relatively prime. Show 
that every integer solution (X, Y, Z) of the equation bcX + acY + abZ 
= 0 equals m(a, —b,0) + n(O, b, —c) for some integers m, n. 


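9. i. Let $m_1, m_2, \ldots, m_r$ be nonzero integers that are pairwise relatively prime. Let a ∈ Z. Show that there exist $a_1, a_2, \ldots, a_r \in \mathbb{Z}$ such that
$$\frac{a}{m_1 m_2 \cdots m_r} = \frac{a_1}{m_1} + \frac{a_2}{m_2} + \cdots + \frac{a_r}{m_r}.$$

ii. Find integers a, b, c such that
$$\frac{1}{8 \cdot 27 \cdot 125} = \frac{a}{8} + \frac{b}{27} + \frac{c}{125}.$$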
10. Let a, b, c be positive integers with GCD(a, b, c) = d. Show that there exists N > 0 such that aX + bY + cZ = nd has a solution in positive integers X, Y, Z for every integer n > N.


11. Show that the number of solutions of X + 2Y + 3Z = n with integers X, Y, Z ≥ 0 equals the coefficient of $x^n$ in the power series expansion of
$$\frac{1}{(1 - x)(1 - x^2)(1 - x^3)}.$$


12. Find all integer solutions of the system of two equations: 


2X+3Y+5Z=0 
3X +5Y+7Z=0. 


5. The Distribution of the Primes 


Euclid proved that there is an infinite number of primes. In 1737 Euler took the first step beyond Euclid by proving that the sum $\sum 1/p$ of the reciprocals of the primes p diverges. His result can perhaps be interpreted as meaning, for instance, that there are “more” primes than squares, because $\sum_{n=1}^{\infty} 1/n^2$ converges. With one brilliant stroke Euler brought analysis into number theory and initiated the quantitative study of the distribution of prime numbers.

For x > 0 let π(x) equal the number of primes p with p ≤ x. In the hands of Riemann and then Hadamard and de la Vallée Poussin, Euler’s methods led to a proof of the great Prime Number Theorem that had been conjectured by Legendre and Gauss, namely that $\lim_{x \to \infty} \pi(x)/(x/\log x) = 1$. The Prime Number Theorem will not be demonstrated here. We will prove only Chebyshev’s elementary theorem that π(x) and x/log x are of the same order of magnitude. That will be enough to deduce that the proportion π(x)/x of positive integers less than x that are prime tends to zero as x → ∞.

In the rest of this section $\sum_p$ and $\prod_p$ will denote the sum and product over all prime numbers p having the stated property.


Theorem 5.1. Euler. $\sum_p 1/p = \infty$.

We need some lemmas.

Lemma 5.2. Let
$$g(N) = \prod_{p \le N} \frac{1}{1 - 1/p}.$$
Then $\lim_{N \to \infty} g(N) = \infty$.
Proof. We make use of the geometric series
a 
~ 
Thus for example 


1 1 oY] 
Le 1 ys 8 


(There is no repetition among the denominators 273° in the sum because of 
the uniqueness of factorization, but we do not need this fact.) 

Similarly, $g(N) = \sum_{n \in X}(1/n)$, where X is the set of positive integers that are products of primes less than or equal to N. In particular, X contains the numbers 1, 2, ..., N. Therefore $g(N) > \sum_{n=1}^{N}(1/n)$. The lemma now follows because $\sum_{n=1}^{\infty}(1/n) = \infty$. ∎


Corollary 5.3. There is an infinite number of primes. 


Proof. If not, then $\lim_{N \to \infty} g(N)$ would be a finite product and would therefore be finite. ∎
Lemma 5.4.
$$-\log(1 - x) = x + \frac{x^2}{2} + \frac{x^3}{3} + \cdots = \sum_{m=1}^{\infty} \frac{x^m}{m} \quad \text{for } |x| < 1.$$


Proof. The two sides of the equation are equal at x = 0. Moreover, the two sides have the same derivatives, since $1/(1 - x) = 1 + x + x^2 + x^3 + \cdots$. Therefore, by the mean value theorem, the two sides are equal. ∎


Proof of Theorem 5.1. 


1 
logg(N) = To 
From


we learn that 


where A is a constant independent of N. 


Therefore,
$$\sum_{p \le N} \frac{1}{p} > \log g(N) - A.$$
Theorem 5.1 now follows from Lemma 5.2. ∎


We conclude Section 5 with the proof of a slightly strengthened version of 
Theorem 1.2. 


Theorem 5.5. Chebyshev.
$$\frac{\log 2}{4} \cdot \frac{x}{\log x} < \pi(x) < 6 \log 2 \cdot \frac{x}{\log x} \quad \text{for } x > 2.$$
(Note the approximations (log 2)/4 > 0.17 and 6 log 2 < 4.16.)

Corollary 5.6. $\lim_{x \to \infty} \pi(x)/x = 0$.

The proof of Chebyshev’s theorem is based on an analysis of the size and factorization of the binomial coefficients $\binom{2n}{n} = (2n)!/n!\,n!$. We take the two inequalities separately, beginning with the upper bound.


Lemma 5.7.
$$n^{\pi(2n) - \pi(n)} \le \prod_{n < p < 2n} p \le \binom{2n}{n} < 2^{2n} \quad \text{for } n > 1.$$

Proof. The first inequality is obvious upon noting that π(2n) − π(n) is the number of primes p with n < p < 2n.
To prove the second, observe that $\prod_{n < p < 2n} p$ divides the positive integer $\binom{2n}{n}$ because the given primes divide the numerator but not the denominator of (2n)!/n!n!.

Finally, $\binom{2n}{n}$ is but the middle term of the binomial expansion of $(1 + 1)^{2n}$. Since all the terms are positive, we conclude that $\binom{2n}{n} < 2^{2n}$. ∎


Proof that $\pi(x) < 6 \log 2\,(x/\log x)$. Let $n = 2^{k-1}$ in Lemma 5.7. Comparing exponents, we find that $(k-1)(\pi(2^k) - \pi(2^{k-1})) < 2^k$. Therefore, $k\pi(2^k) < (k-1)\pi(2^{k-1}) + 3 \cdot 2^{k-1}$ for k > 1, where we have made use of the inequality $\pi(2^k) \le 2^{k-1}$, whose proof is left as an exercise. An induction on k establishes the basic inequality:

$$\pi(2^k) < 3 \cdot \frac{2^k}{k} \quad \text{for } k \ge 1.$$

Now let x satisfy $2^k \le x < 2^{k+1}$. We compute

$$\pi(x) \le \pi(2^{k+1}) < 3 \cdot \frac{2^{k+1}}{k+1} = 6 \log 2 \cdot \frac{2^k}{\log 2^{k+1}} < 6 \log 2 \cdot \frac{x}{\log x}. \quad ∎$$


For any real number x we will write [x] for the largest integer that is less than or equal to x. That is, $[x] \in \mathbb{Z}$ and $[x] \le x < [x] + 1$.

Lemma 5.8. Let p be a prime number, let n be a positive integer, and let $p^t$ be the highest power of p that divides n!. Then $t = \sum_{j=1}^{\infty} [n/p^j]$.


Proof. From the inequalities $[n/p^j]p^j \le n < ([n/p^j] + 1)p^j$, we find that $[n/p^j]$ is the number of those integers 1, 2, ..., n that are divisible by $p^j$. Hence $[n/p^j] - [n/p^{j+1}]$ is the number of integers m ∈ {1, 2, ..., n} that can be written $m = p^j s$ where p ∤ s. Therefore, $t = \sum_{j=1}^{\infty} j\left([n/p^j] - [n/p^{j+1}]\right)$, which telescopes into the sum $\sum_{j=1}^{\infty} [n/p^j]$. ∎


Lemma 5.9. Let p be prime, let n > 1, and let $p^r$ be the highest power of p that divides $\binom{2n}{n} = (2n)!/n!\,n!$. Then $p^r \le 2n$.

Proof. Let s ∈ Z be such that $p^s \le 2n < p^{s+1}$. By Lemma 5.8,
$$r = \sum_{j=1}^{\infty} \left([2n/p^j] - 2[n/p^j]\right) = \sum_{j=1}^{s} \left([2n/p^j] - 2[n/p^j]\right).$$
Since [2x] − 2[x] = 0 or 1 for all real numbers x, it follows that r ≤ s. Hence $p^r \le p^s \le 2n$. ∎


Proof that $\pi(x) > \tfrac{1}{4}(\log 2)(x/\log x)$. Note first that $2^n < \binom{2n}{n} < (2n)^{\pi(2n)}$ for n > 1. To see the first of these inequalities, write
$$\binom{2n}{n} = \frac{2n}{n} \cdot \frac{2n-1}{n-1} \cdots \frac{n+1}{1}$$
as a product of n factors every one of which is at least 2. For the second, write $\binom{2n}{n}$ as a product of π(2n) prime powers that, by Lemma 5.9, are each at most 2n.

Let $n = 2^{k-1}$ in the above inequality. Comparing exponents, we establish the basic inequality:
$$\pi(2^k) > \frac{2^k}{2k} \quad \text{for } k > 1.$$
Now let x satisfy $2^k \le x < 2^{k+1}$. We compute
$$\pi(x) \ge \pi(2^k) > \frac{2^k}{2k} = \frac{\log 2}{4} \cdot \frac{2^{k+1}}{k \log 2} > \frac{\log 2}{4} \cdot \frac{x}{\log x}.$$
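A numerical check of the ingredients of Chebyshev's proof, added here as an example and not taken from the book: it computes the exponent of Lemma 5.8, rebuilds the central binomial coefficient from the prime powers of Lemma 5.9, and compares π(x) with the two bounds of Theorem 5.5. The function names are hypothetical.

```python
import math


def primes_upto(n):
    """Sieve of Eratosthenes: all primes p <= n."""
    if n < 2:
        return []
    sieve = bytearray([1]) * (n + 1)
    sieve[0] = sieve[1] = 0
    for i in range(2, math.isqrt(n) + 1):
        if sieve[i]:
            sieve[i * i :: i] = bytearray(len(range(i * i, n + 1, i)))
    return [i for i, flag in enumerate(sieve) if flag]


def legendre(n, p):
    """Lemma 5.8: exponent t of p in n!, t = sum over j of [n / p^j]."""
    t, q = 0, p
    while q <= n:
        t += n // q
        q *= p
    return t


def binom_exponent(n, p):
    """Exponent r of p in C(2n, n): sum over j of ([2n/p^j] - 2[n/p^j])."""
    return legendre(2 * n, p) - 2 * legendre(n, p)


def check_central_binomial(n):
    """True when the facts used about C(2n, n) in Section 5 hold for this n."""
    ps = primes_upto(2 * n)                      # pi(2n) primes
    powers = [p ** binom_exponent(n, p) for p in ps]
    c = math.comb(2 * n, n)
    big = [p for p in ps if p > n]               # primes with n < p <= 2n
    return (
        math.prod(powers) == c                   # factorization via Lemma 5.8
        and all(q <= 2 * n for q in powers)      # Lemma 5.9
        and n ** len(big) <= math.prod(big) <= c < 4 ** n   # Lemma 5.7
        and 2 ** n <= c <= (2 * n) ** len(ps)    # start of the lower bound
    )


def chebyshev_window(x):
    """Return (lower bound, pi(x), upper bound) from Theorem 5.5."""
    pi_x = len(primes_upto(x))
    scale = x / math.log(x)
    return math.log(2) / 4 * scale, pi_x, 6 * math.log(2) * scale


if __name__ == "__main__":
    for x in (10, 100, 1000, 10000):
        lo, pi_x, hi = chebyshev_window(x)
        print(f"x={x:6d}  {lo:9.2f} < pi(x)={pi_x:5d} < {hi:9.2f}")
```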


Exercises 


1. Prove that π(n) ≤ n/2 for every positive integer n except for n = 3, 5, 7.

2. Show that π(n) ≤ n/3 for all integers n ≥ 33.

3. Prove that [2x] − 2[x] = 0 or 1 for all real numbers x.

4. Let m, n be positive integers. Show that (2m)!(2n)!/(m!n!(m + n)!) is also an integer. What does it count?

5. For x > 0 let a(x) equal the number of square integers $n^2$ with $n^2 \le x$. Prove that $\lim_{x \to \infty} \pi(x)/a(x) = \infty$.


6. i. Prove that there exists c > 0 such that $p_n > c\,n \log n$ for n > 1, where $p_n$ is the nth prime number.
ii. Show that there exists A > 0 such that $p_n < An^2$ for n > 1. Hence prove that there exists C > 0 such that $p_n < Cn \log n$ for n > 2.
iii. Show that $p_{n+1}/p_n$ is a bounded function of n.


7. i. Show that there exists A > 0 such that $\left|\log n! - n\sum_{p \le n}(\log p/p)\right| < An$ for all integers n > 1. (Suggestion: Start with Lemma 5.8. Use Theorem 1.2.)
ii. Show that n log n > log n! > n log n − n for n > 1.
iii. Prove that there exists C > 0 such that $\left|\sum_{p \le x}(\log p/p) - \log x\right| < C$ for all real numbers x > 1.

8. i. Define B(x) for x ≥ 1 by $B(x) = \sum_{p \le x}(\log p/p)$. Verify the following equalities for integers N > 2:


1 N-1 


z 


ENE Gao BO say - log(i + 1) 


- {* B(x) aa: B(N) 
2 x(log x)’ log N 


+ B(N) 


log N 


ii. Prove that $\lim_{N \to \infty}\left(\sum_{p \le N}(1/p) - \log\log N\right)$ exists and is finite.


9. Prove that there exist C > c > 0 such that
$$c \log N < \prod_{p \le N} \frac{1}{1 - 1/p} < C \log N \quad \text{for } N > 2.$$


10. In this exercise we write p for all primes, q for all primes of the form 4k + 1, and r for primes of the form 4k + 3. We set ε(2) = 0, ε(q) = 1, and ε(r) = −1, so that $\varepsilon(p) = (-1)^{(p-1)/2}$ for odd primes p.

i. Working purely formally (like Euler), argue that


im TI 1 111 21 «1 
a ee ror 
Vout bf Os SS 
on (-1)""?” 
eee, 
n=1 fe 
n odd 


Show that the alternating series converges to a positive real number. (It converges to π/4 as can be proved by evaluating $\pi\cot(\pi t) = (1/t) + \sum_{m=1}^{\infty}\left(1/(m+t) - 1/(m-t)\right)$ at t = 1/4.)

ii. Assuming the equality of i, show that $\sum \varepsilon(p)/p$ converges, where the primes p are taken in their natural order. Deduce that $\sum 1/q = \infty$ and that $\sum 1/r = \infty$ and hence that there are infinitely many primes of each of the two forms 4k + 1 and 4k + 3.


iii. The statements of ii can all be proven. Fill in the details of the following sketch. The series $L(x) = \sum_{n=1,\ n \text{ odd}}^{\infty} (-1)^{(n-1)/2}/n^x$ converges uniformly in the region x ≥ 1 and absolutely for x > 1. Note that L(x) > 0 for x ≥ 1. For N ≥ 2 and x ≥ 1 let $L_N(x) = \prod_{p \le N}\left(1 - \varepsilon(p)/p^x\right)^{-1}$. Then $\lim_{N \to \infty} L_N(x) = L(x)$ for x > 1. (The assertion of i is that $\lim_{x \downarrow 1} \lim_{N \to \infty} L_N(x) = \lim_{N \to \infty} \lim_{x \downarrow 1} L_N(x)$, a calculation that it is the object of these remarks to circumvent.) Write $\log L_N(x) = \sum_{p \le N} \varepsilon(p)/p^x + A_N(x)$, where easy estimates show that $\lim_{N \to \infty} A_N(x)$ is continuous for x ≥ 1. Because L(1) > 0, we find that $\lim_{x \downarrow 1} \sum \varepsilon(p)/p^x$ exists and is finite. We know from Theorem 5.1 that $\lim_{x \downarrow 1} \sum 1/p^x = \infty$. Adding and subtracting the last two limits shows that $\lim_{x \downarrow 1} \sum 1/q^x = \lim_{x \downarrow 1} \sum 1/r^x = \infty$, whence $\sum 1/q = \sum 1/r = \infty$.

With more work (see Landau, Handbuch der Lehre von der Verteilung der Primzahlen, Section 109) it can be shown that $\lim_{x \downarrow 1} \sum \varepsilon(p)/p^x = \sum \varepsilon(p)/p$, from which it follows that $\lim_{N \to \infty} L_N(x)$ exists and is continuous at x = 1. This establishes the amazing formula of i discovered by Euler:

$$\frac{\pi}{4} = \frac{3}{4} \cdot \frac{5}{4} \cdot \frac{7}{8} \cdot \frac{11}{12} \cdot \frac{13}{12} \cdot \frac{17}{16} \cdots,$$

where the numerators are the odd primes and the denominators are the adjacent multiples of 4.

iv. The sketch in iii touches all the essential points of a general proof of Dirichlet’s theorem on primes in arithmetic progressions. The deepest and most interesting point turns out to be the assertion that L(1) ≠ 0 for appropriate functions L, which Dirichlet proved by explicit evaluation of L(1).


CHAPTER 2 


Sums of Two Squares 


1. Introduction 


In this chapter we discuss several ideas linked by their relationship to the 
following famous theorem of Fermat. 


Theorem 1.1. $X^2 + Y^2 = p$ has a solution in integers X, Y for every prime number p that is congruent to 1 mod 4.


This is given force by: 
Theorem 1.2. There are infinitely many primes congruent to 1 mod 4. 


We can use Theorem 1.1 as the basis for a complete determination of the 
integers that are sums of two (integer) squares. 


Theorem 1.3. The following are equivalent for a positive integer n. 


1. $X^2 + Y^2 = n$ has a solution in integers X, Y.

2. All primes of the form 4k + 3 that divide n appear in the prime factorization of n with even exponent. In other words,
$$n = 2^{a} p_1^{b_1} \cdots p_r^{b_r} q_1^{c_1} \cdots q_s^{c_s}$$
with $p_i$ distinct primes ≡ 1 (mod 4), $q_j$ distinct primes ≡ 3 (mod 4), and $c_j$ even integers.


We present five proofs of Theorem 1.1, based, respectively, on:

• unique factorization in the Gaussian integers (Section 4)
• rational approximation of real numbers (Section 5)
• Minkowski’s theorem (Section 6)
• method of descent (Section 7)
• reduction of positive definite quadratic forms (Section 8)


The starting point for all these proofs is the existence half of the following 
lemma, which will be proved twice in Section 2. 


Lemma 1.4 (main lemma). $X^2 \equiv -1 \pmod p$ has a solution for an odd prime p if and only if p is congruent to 1 mod 4.

This lemma says that $X^2 + Y^2 = (\text{multiple of } p)$ has a nonzero solution if p is congruent to 1 mod 4. Naturally we will want to show that the multiple of p can be taken to be p itself.

We prove Theorem 1.2 and the implication Theorem 1.1 ⇒ Theorem 1.3 in Section 3.

There is a proof that every positive integer is a sum of four squares in 
Section 7. 


Exercise 


1. Let n ∈ Z. Deduce from Theorem 1.3 that if there exist p, q ∈ Q such that $p^2 + q^2 = n$, then there exist a, b ∈ Z such that $a^2 + b^2 = n$.


2. Integers mod m 


Many proofs in number theory can be viewed as extended sequences of 
deductions about the divisibility properties of various integers. The deductions 
can be greatly facilitated by the simple device of expressing the divisibility 
relations as equations that can be transformed in accordance with the ordinary 
rules of algebra. Classically one works with congruence equations between 
integers. In contemporary mathematics, congruences take the form of ordinary 
equations in the rings that are quotient rings of the ring Z of integers. It is the 
purpose of Section 2 to introduce this theory. 


Definition. The ring Z/m of integers mod m is defined for integers m ≠ 0 to be the quotient ring Z/mZ.

The group $U_m$ of invertible integers mod m is the group of units of the ring Z/m.

For x ∈ Z, we write $\bar{x} \in \mathbb{Z}/m$ for the image of x under the canonical homomorphism Z → Z/m.

For x, y ∈ Z, we write x ≡ y (mod m) (read x congruent to y mod m) iff $\bar{x} = \bar{y} \in \mathbb{Z}/m$. (Equivalently, iff m | (x − y).)

Clearly |Z/m| = |m|. (We write |G| for the order of a finite group G.)

We investigate $U_m$.

Proposition 2.1. Let x ∈ Z. Then $\bar{x} \in U_m$ if and only if GCD(x, m) = 1.

Proof. (⇒) Let $\bar{x} \in U_m$. Then there exists y ∈ Z with $\bar{x}\bar{y} = \bar{1}$; that is, xy ≡ 1 (mod m); so xy − tm = 1 for some t ∈ Z. From this we see that x and m can have no common prime factors.

(⇐) If GCD(x, m) = 1, then xy + tm = 1 is solvable in integers y and t. But then $\bar{x}\bar{y} = \bar{1}$. Thus $\bar{x}$ is invertible. ∎


Corollary 2.2. $|U_p| = p - 1$ if p is prime. Thus Z/p is a field.

Corollary 2.3. Fermat’s Little Theorem. Let p be prime and GCD(a, p) = 1. Then $a^{p-1} \equiv 1 \pmod p$. (Equivalently, $\bar{a}^{p-1} = \bar{1}$ for every $\bar{a} \in U_p$.)

Proof 1. The order $l$ of $\bar{a} \in U_p$ must divide the order of $U_p$. That is, $l$ divides p − 1. Hence $(p-1)/l \in \mathbb{Z}$. We calculate $\bar{a}^{p-1} = (\bar{a}^{l})^{(p-1)/l} = \bar{1}$.


Proof 2. Let GCD(a, p) = 1. Write down two sequences of integers.

1, 2, 3, ..., p − 1
a, 2a, 3a, ..., (p − 1)a


The first sequence is a complete set of representatives of the nonzero 
congruence classes mod p. 

We claim that the second sequence is too. Each element of the second sequence is nonzero mod p, being the product of integers that are nonzero mod p, and no two integers in the second sequence are congruent mod p, since p ∤ a (just see whether p divides the difference of two of them!). So the second sequence is a subset of a set of representatives. Since it has p − 1 elements, it must in fact be a complete set of representatives of the nonzero congruence classes mod p.
Thus the elements of the second sequence, after rearranging, must be congruent to the elements in the first.

$$1 \cdot 2 \cdot 3 \cdots (p-1) \equiv a \cdot 2a \cdot 3a \cdots (p-1)a \pmod p,$$
$$(p-1)! \equiv (p-1)!\,a^{p-1} \pmod p.$$

Since (p − 1)! is invertible mod p, we conclude $1 \equiv a^{p-1} \pmod p$. ∎

Lemma 2.4. Wilson’s Theorem. $(p-1)! \equiv -1 \pmod p$ if p is prime.


Proof. We ask which elements in the following sequence equal their own inverses mod p.

1, 2, ..., p − 1.

Answer: Only 1 and p − 1. For if $\bar{x} \cdot \bar{x} = \bar{1}$, that is, if $x^2 \equiv 1 \pmod p$, then $p \mid x^2 - 1$. But p | (x − 1)(x + 1) means that either p | (x − 1), giving x ≡ 1 (mod p), or p | (x + 1), giving x ≡ −1 (mod p).

So we compute (p − 1)! by pairing inverses thus:

$$(p-1)! = 1 \cdot (p-1) \cdot \left(2 \cdot 2^{-1} \cdot 3 \cdot 3^{-1} \cdots\right) \equiv 1 \cdot (p-1) \equiv -1 \pmod p. \quad ∎$$


We come to a refined version of Lemma 1.4 of the Introduction, the 
principal lemma in Chapter 2. 


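Proposition 2.5. Let p be an odd prime. Then $X^2 \equiv -1 \pmod p$ is solvable if and only if p ≡ 1 (mod 4), in which case X = ±((p − 1)/2)! are the only two solutions mod p.

Proof. (⇒) Suppose that $x^2 \equiv -1 \pmod p$. Then
$$(-1)^{(p-1)/2} \equiv (x^2)^{(p-1)/2} = x^{p-1} \equiv 1 \pmod p, \qquad (-1)^{(p-1)/2} = \begin{cases} 1 & \text{if } p \equiv 1 \pmod 4 \\ -1 & \text{if } p \equiv 3 \pmod 4. \end{cases}$$
So we must have p ≡ 1 (mod 4).

(⇐) (Lagrange)
$$\begin{aligned} -1 \equiv (p-1)! &= \left(1 \cdot 2 \cdots \tfrac{p-1}{2}\right)\left(\tfrac{p+1}{2} \cdots (p-1)\right) \\ &= \left(1 \cdot 2 \cdots \tfrac{p-1}{2}\right)\left(\left(p - \tfrac{p-1}{2}\right) \cdots (p-1)\right) \\ &\equiv \left(\tfrac{p-1}{2}\right)! \cdot (-1)^{(p-1)/2}\left(\tfrac{p-1}{2}\right)! \\ &= (-1)^{(p-1)/2}\left[\left(\tfrac{p-1}{2}\right)!\right]^2 \pmod p. \end{aligned}$$
Thus
$$\left[\left(\tfrac{p-1}{2}\right)!\right]^2 \equiv \begin{cases} -1 & \text{if } p \equiv 1 \pmod 4 \\ 1 & \text{if } p \equiv 3 \pmod 4. \end{cases}$$

For the final assertion, we note that $a^2 \equiv b^2 \pmod p$ implies that $a^2 - b^2 \equiv 0 \pmod p$. Thus p | (a + b)(a − b). So either p | (a + b), giving a ≡ −b (mod p), or p | (a − b), giving a ≡ b (mod p). Apply this to b = ((p − 1)/2)!. ∎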


Notice that in the proofs of both Lemma 2.4 and Proposition 2.5 we needed to know that $X^2 \equiv c \pmod p$ has at most two solutions mod p. (In Lemma 2.4, c = 1. In Proposition 2.5, $c = b^2 \equiv -1$.) Rephrased, we needed to know that $X^2 - c$ has at most two roots in Z/p. We prove more in the next lemma, where we have written Z/p[X] for the ring of polynomials with coefficients in Z/p. The result depends crucially on the fact that Z/p is a field.


Lemma 2.6. Let p be prime and let f(X) ∈ Z/p[X] be a nonzero polynomial of degree s. Then f(X) has at most s roots in Z/p.

Proof. Argument by induction. If a is a root of f(X), then X − a divides f(X) (division algorithm). So f(X) = (X − a)g(X) where deg g(X) = s − 1. Because Z/p is a field, roots of f(X) distinct from a must be roots of g(X). The inductive hypothesis shows that there can be at most s − 1 of them. ∎


Polynomial arithmetic suggests an alternative proof of Wilson’s theorem as 
follows. 


Proof 2 of Lemma 2.4. By Fermat’s Little Theorem, Corollary 2.3, 1, 2, ..., p − 1 are roots of $X^{p-1} - 1 \in \mathbb{Z}/p[X]$. Thus $(X-1)(X-2)\cdots(X-(p-1)) \equiv X^{p-1} - 1 \pmod p$. Comparing constant terms, we deduce $(-1)^{p-1}(p-1)! \equiv -1 \pmod p$.

Equivalently, $(p-1)! \equiv (-1)^p \pmod p$. If p is odd, then $(-1)^p = -1$. If p = 2, then $(-1)^p \equiv -1 \pmod p$. Thus $(p-1)! \equiv -1 \pmod p$. ∎

There is another approach to the main Lemma 1.4 which rests on the structure of the group $U_p$. Since it removes the mystery from Proposition 2.5 (⇐) we present it.


Theorem 2.7. $U_p$ is a cyclic group for every prime p.

Definition. An integer x such that $\bar{x}$ generates $U_p$ is called a primitive root mod p.

Proof. We use the following two facts.

Fact 1. For every d, the equation $X^d = 1$ has at most d distinct roots in $U_p$ (by Lemma 2.6).

Fact 2. A cyclic group of order n contains a cyclic subgroup of every order d dividing n (generated by $y^{n/d}$ with y of order n).

Let A(d) be the number of elements of order d in $U_p$. Since $|U_p| = p - 1$, we want to show that A(p − 1) > 0, that is, that $U_p$ contains at least one element of order p − 1 (which would then be a generator).

Let C(d) be the number of elements of order d in a cyclic group of order p − 1.

Clearly A(d) = C(d) = 0 if d is not a divisor of p − 1. We note that

$$p - 1 = \sum_{\text{divisors } d \text{ of } p-1} A(d) = \sum_{\text{divisors } d \text{ of } p-1} C(d)$$

since the formulas on the right count the elements of $U_p$ or of a cyclic group of order p − 1 by first grouping them by their orders.

Now suppose A(d) ≠ 0. Then $U_p$ contains an element of order d, which generates a cyclic subgroup of order d. All d elements of that subgroup solve $X^d = 1$, so by Fact 1 that subgroup must be the set of all roots of $X^d = 1$ in $U_p$; it must therefore contain all elements of order d in $U_p$. Therefore A(d) equals the number of elements of order d in a cyclic group of order d. By Fact 2, this is less than or equal to C(d).

We summarize. Either A(d) = 0 or A(d) ≤ C(d). Either way, A(d) ≤ C(d). But

$$\sum_{\text{divisors } d \text{ of } p-1} \left(C(d) - A(d)\right) = 0.$$

We conclude that C(d) = A(d) for all d. In particular, A(p − 1) = C(p − 1) > 0.


Proof 2 of Lemma 1.4. Let p be an odd prime number. The equation $x^2 \equiv -1 \pmod p$ implies that $\bar{x} \in U_p$ has order 4, which implies that 4 divides p − 1.

Conversely, suppose that 4 divides p − 1. Let $z = y^{(p-1)/4}$ where y is a primitive root mod p. Then $\bar{z}$ has order 4 in $U_p$. Thus $z^2 \equiv -1 \pmod p$, because $\bar{z}^2$ is a root ≠ 1 of $X^2 - 1$ in Z/p. ∎
Exercises 


1. Show that $|U_{p^a}| = (p-1)p^{a-1}$ where p is prime, a > 1.

2. Let p be a prime number. Using the binomial formula for $(a+1)^p$, prove by induction that $a^p \equiv a \pmod p$ for every integer a.


3. Find the smallest prime divisor of 27’ — 1. 


4. Prove that every prime divisor of $2^{32} + 1$ is congruent to 1 mod 64. Find the five smallest primes congruent to 1 mod 64. Show that 641 divides $2^{32} + 1$.

5. Let GCD(a, m) = 1. Prove that $a^d \equiv 1 \pmod m$, where $d = |U_m|$.

6. Let p be an odd prime number. Define sq: $U_p \to U_p$ by $\mathrm{sq}(x) = x^2$. Show that sq is a group homomorphism. Calculate |R| where R is the image of sq. By pairing x with $x^{-1}$, show that R − {1, −1} contains an even number of elements. Conclude that −1 ∈ R ⇔ p ≡ 1 (mod 4). Hence prove Lemma 1.4.


7. How many roots of X* — X, of X* — X are there in Z/6? of X? — 1 in 
Z /8) 


8. Let p be prime. Show that the polynomial $X^m - 1$ has exactly m roots in Z/p for every positive divisor m of p − 1.

9. Let G be a cyclic group of order n.
i. Show that every subgroup of G is cyclic and that G has exactly one subgroup of each order dividing n.
ii. Let C(d) be the number of elements of G of order d. Show that $C(d) = |U_d|$ if d | n.

10. i. Let G be a finite group such that $X^d = 1$ has at most d solutions in G for every positive integer d. Show that G is cyclic.
ii. Let G be a finite subgroup of $K^*$ where K is a field. Show that G is cyclic and that $G = \{x \in K \mid x^m = 1\}$ where m = |G|.

11. i. Let G be a finite abelian group. Let m be the largest order of an element of G. Prove that $x^m = 1$ for every x ∈ G.
ii. Let $G = U_p$ where p is prime, and let m be as in i. Use Lemma 2.6 to prove that m = p − 1. Hence prove Theorem 2.7.

12. Let p be a prime number and let y be a primitive root mod p. Prove that $(p-1)! \equiv y^{1+2+\cdots+(p-1)} \pmod p$. Conclude that $(p-1)! \equiv -1 \pmod p$.

13. Let p be a prime number that is congruent to 1 mod 8. Let $z = y^{(p-1)/8}$ where y is a primitive root mod p. Prove that $(z^3 - z)^2 \equiv 2 \pmod p$. Conclude that there exist integers a, b such that $a^2 \equiv 2 \pmod p$ and $b^2 \equiv -2 \pmod p$.

14. Let p be a prime congruent to 1 mod 3. Let $z = y^{(p-1)/3}$ where y is a primitive root mod p. Prove that $(2z + 1)^2 \equiv -3 \pmod p$.

15. Let p be a prime congruent to 1 mod 5. Let $z = y^{(p-1)/5}$ where y is a primitive root mod p. Prove that $(2z^4 + 2z + 1)^2 \equiv 5 \pmod p$.

16. Prove that $\sum_{x=1}^{p-1} x^n \equiv 0 \pmod p$ for all prime numbers p and all integers n ≢ 0 (mod p − 1).

17. For what primes p does X? = a (mod p) have a solution for all integers a?

18. Let p be a prime number. Show that $(ap)!/p^a \equiv (-1)^a a! \pmod p$ for all positive integers a. Show that $(p^2)!/p^{p+1} \equiv 1 \pmod p$.

19. i. Let a, n ∈ Z with n > 1, GCD(a, n) = GCD(n, 10) = 1, and 1 ≤ a < n. Show that as a repeating decimal, $a/n = 0.x_1 x_2 \cdots x_r$ with $x_i \in \{0, 1, \ldots, 9\}$ and minimal period r equal to the order of $\overline{10}$ in the group $U_n$.
ii. Find all primes p for which the decimal expansion of 1/p has period r = 1, 2, 3, 4, 5.
20. Let p be a prime number and let n > 1 ∈ Z.
i. Let $a = 2^{p^{n-1}}$ and let q be a prime divisor of $(a^p - 1)/(a - 1) = a^{p-1} + a^{p-2} + \cdots + 1$. Show that $\bar{2} \in U_q$ has order equal to $p^n$ and that $q \equiv 1 \pmod{p^n}$.
ii. Prove that there is an infinite number of primes congruent to 1 mod $p^n$.
iii. Prove that there is an infinite number of primes with final digit 1.

21. Let p be an odd prime number.
i. Let t ∈ Z. Show that $(1 + tp)^{p^{n-2}} \equiv 1 + tp^{n-1} \pmod{p^n}$ for all n > 2. Conclude that if p ∤ t, then 1 + tp has order $p^{n-1}$ in $U_{p^n}$ for all n > 1.
ii. Show that $U_{p^n}$ contains an element of order p − 1 for every n > 1.
iii. Prove that $U_{p^n}$ is a cyclic group for all n > 1.
iv. An integer x is said to be a primitive root mod $p^n$ iff p ∤ x and $\bar{x}$ generates the group $U_{p^n}$. Show that 2 is a primitive root mod $3^n$, $5^n$, $11^n$, and $13^n$ and that 3 is a primitive root mod $7^n$ for all n > 1.
v. Prove that if x ∈ Z is a primitive root mod $p^2$ then x is a primitive root mod $p^n$ for all n > 1.

22. Prove that $5^{2^{n-3}} \equiv 1 + 2^{n-1} \pmod{2^n}$ for all n ≥ 3. Deduce that $\bar{5}$ has order $2^{n-2}$ in $U_{2^n}$ for all n > 2. Conclude that $U_{2^n} = \langle -1 \rangle \times \langle \bar{5} \rangle$ for n > 3. Thus if n > 3, then $U_{2^n}$ is not cyclic.

23. Let G be a finite abelian group of order n. Use Proof 2 of Corollary 2.3 as a model to prove that $g^n = 1$ for all g ∈ G.


3. Applications of Lemma 1.4. 


Lemma 3.1. Let n be an integer and let p be an odd prime dividing $n^2 + 1$. Then p ≡ 1 (mod 4).

Proof. Since $p \mid n^2 + 1$, we have $n^2 \equiv -1 \pmod p$. By Lemma 1.4, p ≡ 1 (mod 4). ∎

Theorem 1.2. There are infinitely many primes congruent to 1 mod 4.

Proof. We imitate Euclid’s proof of the infinitude of the primes. Let $p_1, p_2, \ldots, p_r$ be primes congruent to 1 mod 4. Let $n = 2p_1 p_2 \cdots p_r$.

By Lemma 3.1, all prime divisors of $N = n^2 + 1$ (which is odd) must be congruent to 1 mod 4. Obviously, none of the $p_i$ divide N. So the list $p_1, \ldots, p_r$ may be extended by tossing in any prime divisor of N. ∎
We next prove the implication 1 ⇒ 2 of Theorem 1.3.

Proposition 3.2. Let $x^2 + y^2 = n$ with integers x, y, n where n ≠ 0. Let q be a prime congruent to 3 mod 4. Then the highest power of q dividing n is an even power.

Proof. Suppose that q | n. We first show that q must divide both x and y. If for instance q ∤ x, then x is invertible mod q. So the congruence $x^2 + y^2 \equiv 0 \pmod q$ would lead to $(yx^{-1})^2 \equiv -1 \pmod q$, which contradicts Lemma 1.4. Thus q | x. Similarly q | y.

Let $q^a$ be the highest power of q dividing both x and y. Then $q^{2a} \mid n$ and we claim that $q^{2a+1} \nmid n$.

Write $X = x/q^a$, $Y = y/q^a$, and $N = n/q^{2a}$. We have $X^2 + Y^2 = N$. Since q does not divide both X and Y, the argument of the first half of this proof shows that q does not divide N. Thus the highest power of q dividing n is precisely $q^{2a}$. ∎

Our next proposition, together with Theorem 1.1 (which has yet to be proved) and the trivial observations that $1^2 + 1^2 = 2$ and $p^2 + 0^2 = p^2$, serves to prove the implication 2 ⇒ 1 of Theorem 1.3.

Proposition 3.3. If integers m, n are both sums of two (integer) squares, then so is their product mn.

Proof. Suppose $X^2 + Y^2 = m$ and $U^2 + V^2 = n$ with integers X, Y, U, V. We then have $m = |X + iY|^2$, $n = |U + iV|^2$. Thus
$$mn = |(X + iY)(U + iV)|^2 = |(XU - YV) + i(XV + YU)|^2 = (XU - YV)^2 + (XV + YU)^2. \quad ∎$$


Exercises 


1. Prove that $(X^2 + Y^2)(U^2 + V^2) = (XU + YV)^2 + (XV - YU)^2$. Find an interpretation of this identity in terms of absolute values of complex numbers.

2. Find four distinct positive integers a, b, c, d such that $a^2 + b^2 = c^2 + d^2 = 439097 = 577 \cdot 761$.

3. Let m, n ∈ Z. Suppose that the equations $X^2 + 2Y^2 = m$, $X^2 + 2Y^2 = n$ both have integer solutions. Prove that the equation $X^2 + 2Y^2 = mn$ must also have a solution in integers.

4. Let $x^2 + 2y^2 = n$ with integers x, y, n where n ≠ 0. Let q be a prime number such that there is no integer z satisfying the congruence $z^2 \equiv -2 \pmod q$. Prove that the highest power of q dividing n is an even power. Find the three smallest primes q to which this result applies.

5. i. Let p be an odd prime. Show that $X^4 \equiv -1 \pmod p$ has a solution if and only if p ≡ 1 (mod 8).
ii. Prove that there are infinitely many primes congruent to 1 mod 8.

6. Prove that there are infinitely many primes congruent to 5 mod 8. (Hint: Let P be a product of primes of the desired type. Consider prime divisors of $P^2 + 4$.)

7. Let m, n ∈ Z with n ≡ −1 (mod 4). Assume that m has no prime divisors that are congruent to 3 mod 4. Prove that there do not exist integers X, Y such that $Y^2 = X^3 + n^3 - 4m^2$. (Examples: $Y^2 = X^3 + k$, k = −17, −5, 11, 23.) (Hint: Show that if $Y^2 + 4m^2 = (X + n)(X^2 - nX + n^2)$, then there is a prime divisor of $X^2 - nX + n^2$ that is congruent to 3 mod 4. Produce a contradiction.)

8. Let m and n be odd integers. Assume that m has no prime divisors that are congruent to 3 mod 4. Prove that there do not exist integers X, Y such that $Y^2 = X^3 + 8n^3 - m^2$. (Examples: $Y^2 = X^3 + k$, k = −9, 7.)


4. Gaussian Integers 


The factorization $X^2 + Y^2 = (X + iY)(X - iY)$ suggested to Gauss the study of the ring that now bears his name.

Definition. The ring Z[i] of Gaussian integers is the ring {m + in | m, n ∈ Z} ⊂ C.

The norm Nα of a complex number α is defined by $N\alpha = |\alpha|^2$. For a Gaussian integer we have $N(m + in) = m^2 + n^2$.

Because $N\alpha = \alpha\bar{\alpha}$, we find that N(αβ) = Nα · Nβ. From this we deduce that α ∈ Z[i] is a unit in Z[i] if and only if Nα = 1. The group of units in Z[i] is thus {±1, ±i}.

Gauss discovered that much of Euclid’s ancient theory of factorization of integers can be carried over to Z[i] with important number theoretic consequences. The cornerstone is Theorem 4.1, whose statement and proof is our next order of business.

Definition. A Gaussian integer α ≠ 0 is a Gaussian prime iff α is not a unit and there is no factorization α = βγ where β, γ ∈ Z[i] are nonunits.

Two Gaussian integers are associate iff one is a unit times the other.

Theorem 4.1. Let α ∈ Z[i] with α ≠ 0. Then there exists a factorization $\alpha = u p_1^{m_1} \cdots p_s^{m_s}$ where u is a unit in Z[i], the $p_j$ are pairwise nonassociate Gaussian primes, and the $m_j$ are positive integers. Moreover, if $\alpha = u q_1^{n_1} \cdots q_t^{n_t}$ is another such factorization, then s = t and, after relabelling, $p_j$ is associate to $q_j$ and $m_j = n_j$ for all j = 1, 2, ..., s. (In short, Z[i] is a unique factorization domain.)

Proof of Theorem 4.1, Existence. We proceed by induction on Nα. If Nα = 1, we have already noted that α is a unit. If Nα > 1, then either α is a Gaussian prime or α = βγ with Nβ, Nγ > 1. Since Nα = NβNγ, it follows that Nβ, Nγ < Nα. By the inductive hypothesis, both β and γ have factorizations as products of Gaussian primes. These can be combined to produce the desired factorization of α. ∎


Before proving uniqueness of factorization we first prove that Z[i] possesses 
a division algorithm. 


Proposition 4.2. Let α, β ∈ Z[i] with β ≠ 0. There exist q, r ∈ Z[i] such that α = qβ + r and Nr < Nβ. (That is, we can divide α by β getting quotient q with a remainder r which is smaller than the divisor.)

Proof. Let α/β = γ ∈ C, say γ = u + iv with u, v ∈ R. Let m be the nearest integer to u, n the nearest integer to v, so that γ = (m + s) + i(n + t) with |s|, |t| ≤ 1/2. Let q = m + in ∈ Z[i] and let r = β(γ − q). Then α = qβ + r. Since α, q, β ∈ Z[i], we have that r = α − qβ ∈ Z[i]. Finally, $Nr = N\beta \cdot N(\gamma - q) = N\beta \cdot N(s + it) \le N\beta\left((\tfrac{1}{2})^2 + (\tfrac{1}{2})^2\right) < N\beta$. ∎

Definition. A nonzero Gaussian integer β is said to divide α ∈ Z[i] (written β | α) iff there exists γ ∈ Z[i] such that α = βγ.

A Gaussian integer γ is a greatest common divisor (GCD) of a pair α, β ∈ Z[i] iff γ divides both α and β and is itself divisible by all other elements of Z[i] with the same property.

Notice that if α | β and β | α, then α and β are associate. For writing α = βγ, we get Nα = NβNγ and thus Nβ ≤ Nα. Similarly, Nα ≤ Nβ, whence Nα = Nβ and so Nγ = 1. Hence γ is a unit.
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Lemma 4.3. 1. Every pair of Gaussian integers not both zero has a greatest 
common divisor. Moreover, for each such pair a, B € Z[i] and greatest 
common divisor y, there exist x, y © Z[i] such that ax + By = y. 

i. If a Gaussian prime divides a product a,a, --- a, of Gaussian integers, 
then it must divide one of the a,. 


Proof. i. By repeated use of Proposition 4.2 exactly as for the integers Z, as 
follows. Let α, β ∈ Z[i] with β ≠ 0. If β|α, then β is a GCD for α and β. If 
not, write inductively 


α = q_1 β + r_1, 
β = q_2 r_1 + r_2, 
... 
r_{n−1} = q_{n+1} r_n + r_{n+1}, 


where q_n, r_n ∈ Z[i] and Nr_n < Nr_{n−1}. Because the Nr_n are nonnegative 
integers, the process must stop with an integer M such that Nr_{M+1} = 0. From 
the definition of the norm we see that r_{M+1} = 0. It is then easy to prove that 
r_M is a GCD for α and β that can be expressed as a linear combination 
αx + βy. If γ is another GCD for α and β, then r_M|γ and γ|r_M, whence r_M 
and γ are associate. That is, γ = ur_M for some unit u ∈ Z[i]. We have 
αux + βuy = γ. 

ii. Exercise. ∎ 
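Proposition 4.2 and the proof of Lemma 4.3i are in effect an algorithm. The following Python code is an added example, not part of the original text: it stores u + iv as the integer pair (u, v), and all function names are this example's own. The last function relies on the fact that for a prime p ≡ 1 (mod 4) and x² ≡ −1 (mod p), a GCD of p and x + i has norm p.

```python
"""Division with remainder (Proposition 4.2) and the Euclidean algorithm
(Lemma 4.3 i) in Z[i]. A Gaussian integer u + iv is the int pair (u, v)."""


def norm(a):
    return a[0] * a[0] + a[1] * a[1]


def sub(a, b):
    return (a[0] - b[0], a[1] - b[1])


def mul(a, b):
    return (a[0] * b[0] - a[1] * b[1], a[0] * b[1] + a[1] * b[0])


def nearest(num, den):
    """Nearest integer to num/den for den > 0 (a tie rounds up)."""
    return (2 * num + den) // (2 * den)


def divmod_gauss(alpha, beta):
    """Return (q, r) with alpha = q*beta + r and N(r) <= N(beta)/2."""
    nb = norm(beta)
    if nb == 0:
        raise ZeroDivisionError("beta must be nonzero")
    # alpha/beta = alpha * conj(beta) / N(beta) = u + iv with u, v rational.
    t = mul(alpha, (beta[0], -beta[1]))
    q = (nearest(t[0], nb), nearest(t[1], nb))   # q = m + in
    r = sub(alpha, mul(q, beta))                 # r = alpha - q*beta
    return q, r


def xgcd_gauss(alpha, beta):
    """Return (g, x, y) with alpha*x + beta*y = g, where g is a GCD."""
    r0, r1 = alpha, beta
    x0, x1 = (1, 0), (0, 0)      # r0 = alpha*x0 + beta*y0 throughout
    y0, y1 = (0, 0), (1, 0)      # r1 = alpha*x1 + beta*y1 throughout
    while r1 != (0, 0):          # the norms strictly decrease, so this stops
        q, r2 = divmod_gauss(r0, r1)
        r0, r1 = r1, r2
        x0, x1 = x1, sub(x0, mul(q, x1))
        y0, y1 = y1, sub(y0, mul(q, y1))
    return r0, x0, y0


def split_prime(p, x):
    """For a prime p = 1 (mod 4) and x with x*x = -1 (mod p), return the
    sorted pair (|U|, |V|), where U + iV is a GCD of p and x + i."""
    if (x * x + 1) % p != 0:
        raise ValueError("x*x + 1 must be divisible by p")
    g, _, _ = xgcd_gauss((p, 0), (x, 1))
    return tuple(sorted((abs(g[0]), abs(g[1]))))


if __name__ == "__main__":
    q, r = divmod_gauss((27, 23), (8, 1))
    print("27+23i = q(8+i) + r with q =", q, "r =", r)
    print("13 = U^2 + V^2 with (U, V) =", split_prime(13, 5))
```
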


Proof of Theorem 4.1. Uniqueness. We just copy the classical proof of unique 
factorization in Z using Lemma 4.3ii. There are no surprises, so we leave the 
details as an exercise. ∎ 


The reader with a taste for abstraction might well prefer to replace the 
preceding argument with the proof of some such general theorem as Euclidean 
domains are unique factorization domains. He would then have to define 
Euclidean domains carefully, but his proof would be no different from that 
sketched. 

We wish to point out the limited scope of the methods just sketched. Many 
rings are important in number theory; most do not have a unique factorization 
property. Of those that do, few possess a Euclidean algorithm. They must be 
tackled with completely new ideas, and in fact, there are proofs that factoriza- 
tion in the Gaussian integers is unique that in no way rely on Proposition 4.2. 
This is of very great interest but cannot be developed here. 

We now produce our first proof of Theorem 1.1. 


Proof of Theorem 1.1. Let p be a prime number congruent to 1 mod 4. By 
Lemma 1.4 there exists x ∈ Z such that x² ≡ −1 (mod p). Then p|x² + 1. 
Since p divides a product (x + i)(x − i) of two Gaussian integers but does 
not divide either factor x + i or x − i, we conclude that p cannot be a 
Gaussian prime. 

Thus p factors, p = αβ where α, β ∈ Z[i] and Nα, Nβ > 1 (neither α nor 
β a unit in Z[i]). The calculation p² = Np = NαNβ shows that the ordinary 
integers Nα and Nβ must both equal p. Write α = U + iV. We have p = Nα 
= U² + V². ∎ 


We proceed with the analysis of Z[i]. Our next goal is the determination of 
the Gaussian primes. 


Lemma 4.4. i. Every Gaussian prime divides some ordinary prime number. 
ii. Let α ∈ Z[i]. If Nα is a prime number, then α is a Gaussian prime. 


Proof. i. Let α be a Gaussian prime. We have αᾱ = Nα = ∏ p_i where the p_i 
are ordinary prime numbers. Since α divides the product of the p_i, it must 
divide one of the p_i. 

ii. Suppose Nα = p is prime. Then α = βγ ⇒ Nα = NβNγ = p ⇒ either 
Nβ = 1 and β is a unit or Nγ = 1 and γ is a unit. ∎ 


To find all Gaussian primes we need only, according to Lemma 4.4i, factor 
all ordinary prime numbers into products of Gaussian primes. 


Theorem 4.5. i. 2 = −i(1 + i)² and 1 + i is a Gaussian prime. 

ii. Let p be a prime number congruent to 1 mod 4 and let p = X² + Y² 
with X, Y ∈ Z. 

Then p = (X + iY)(X − iY), and X + iY, X − iY are nonassociate 
Gaussian primes. 

iii. Every prime number that is congruent to 3 mod 4 is a Gaussian prime. 

Thus there are two Gaussian primes corresponding to every prime number 
congruent to 1 mod 4, and one corresponding to each of the other prime 
numbers. (We say that p ≡ 3 (mod 4) remains prime, that p ≡ 1 (mod 4) 
splits, and that 2 ramifies in Z[i].) 


Proof. i. By Lemma 4.4ii. 

ii. That X + iY, X − iY are Gaussian primes is a consequence of Lemma 
4.4ii. The four associates of X + iY are X + iY, −X − iY, −Y + iX, and 
Y − iX. None of these equals X − iY since the formula X² + Y² = p shows 
that X ≠ 0, Y ≠ 0, and X ≠ ±Y. 

iii. Suppose p ≡ 3 (mod 4) and p = αβ with nonunits α and β in Z[i]. 
Then p² = NαNβ implies that Nα = p. Writing α = X + iY, we conclude 
that p = X² + Y² with X, Y ∈ Z. Reducing mod 4 we get 3 ≡ 
X² + Y² (mod 4). But squares are all congruent to 0 or 1 mod 4. The sum of 
no two can be congruent to 3 mod 4, and so we have a contradiction. Thus p 
does not factor in Z[i]. ∎ 


Theorem 4.6. Let p be a prime number congruent to 1 mod 4 and let 
p = X² + Y² with X, Y ∈ Z. 

There are exactly eight distinct solutions (U, V) ∈ Z² to the equation 
U² + V² = p, namely 


(U, V) = (±X, ±Y) and (U, V) = (±Y, ±X). 


Thus p is a sum of two squares in essentially only one way. 


Proof. If p = U² + V², then U + iV is a Gaussian prime factor of p. By 
Theorems 4.1 and 4.5ii it must be one of the four associates of X + iY or one 
of the four associates of X − iY. These correspond to the eight distinct 
possibilities listed in the theorem. ∎ 


Exercises 


1. Write detailed proofs of Lemma 4.3ii and of uniqueness in Theorem 4.1. 

2. Deduce Theorem 1.3 from Theorem 4.5. 


3. Let n be a positive integer. Prove that there exist relatively prime integers 
a, b such that a² + b² = n if and only if n is not a multiple of 4 and n has 
no prime divisors congruent to 3 mod 4. 


4. i. Let ω = −1/2 + i(√3/2) and let Z[ω] = {m + nω | m, n ∈ Z} ⊂ C. 
Show that Z[ω] is a ring whose only units are ±1, ±ω, and ±ω². 


ii. Prove that for every z ∈ C there exists q ∈ Z[ω] such that N(z − q) 
< 1. Prove for Z[ω] the analogues of Proposition 4.2 and Lemma 4.3, 
and hence prove a unique factorization theorem for Z[ω]. 


iii. Prove that if p is an odd prime number for which X² ≡ −3 (mod p) 
has a solution, then there exist integers x, y such that x² + xy + 
y² = p. 


iv. Let p be a prime number greater than 3. Prove that the following three 
assertions are equivalent. (a) X² + XY + Y² = p has a solution in 
integers X, Y. (b) X² ≡ −3 (mod p) has a solution. (c) p ≡ 1 (mod 3). 
(See Exercise 2.14.) 


5. Prove that every element of Z[ω] is associate to an element of the form 
m + in√3 with m, n ∈ Z. For which prime numbers p do there exist 
x, y ∈ Z such that x² + 3y² = p? 


6. i. Let α be a prime element of Z[ω]. Show that Nα = p or Nα = p² for 
some prime number p in Z. Deduce that exactly one of the following 
three statements is true: α is associate to i√3; α and ᾱ are nonassociate; 
α is associate to a prime number in Z. 

ii. Suppose that x, y ∈ Z, GCD(x, y) = 1, x ≢ y (mod 2), and 3 ∤ x. 
Show that GCD′(x + iy√3, x − iy√3) = 1 where GCD′ here means 
“greatest common divisor in Z[ω].” 

iii. Let x, y, z ∈ Z be such that x² + 3y² = z³ and GCD(x, y) = 1. 
Prove that there exist integers a, b such that x = a³ − 9ab² and 
y = 3a²b − 3b³. (Hint: Show that the hypotheses of ii are met. Using 
Exercise 5 conclude that x + iy√3 = u(a + ib√3)³ for some a, b ∈ Z 
and unit u ∈ Z[ω]. Show that u = ±1.) Show that GCD(a, b) = 1, 
a ≢ b (mod 2), and 3 ∤ a. 


7. i. State and prove a unique factorization theorem for the ring Z[√−2] = 
{m + in√2 | m, n ∈ Z}. 
ii. Let y be an odd integer. Prove that GCD′(y + i√2, y − i√2) = 1 
where GCD′ here means “greatest common divisor in Z[√−2].” 
iii. Prove that (x, y) = (3, ±5) are the only two integer solutions of the 
equation y² = x³ − 2. 


8. Let p and q be distinct primes congruent to 1 mod 4. Determine the 
number of pairs of integers (x, y) such that 0 < x < y and x² + y² = pq. 


5. Farey Sequences 


Consider the following array of fractions whose rows are the Farey sequences 
F_n. 


0/1  1/1 
0/1  1/2  1/1 
0/1  1/3  1/2  2/3  1/1 
0/1  1/4  1/3  1/2  2/3  3/4  1/1 
0/1  1/5  1/4  1/3  2/5  1/2  3/5  2/3  3/4  4/5  1/1 
0/1  1/6  1/5  1/4  1/3  2/5  1/2  3/5  2/3  3/4  4/5  5/6  1/1 


The nth row F_n is the ascending sequence of integer fractions h/k between 
0 and 1 with GCD(h, k) = 1 and 1 ≤ k ≤ n. 

A little experimentation suggests that the difference of two successive 
elements of a Farey sequence is always a fraction with numerator 1. That this 
is actually so is the fundamental theorem of the subject. 


Theorem 5.1. Let b/a, d/c be consecutive elements of the sequence F_n. Then 
d/c − b/a = 1/ac. Equivalently, ad − bc = 1. 


The proof of Theorem 5.1 will be based on a geometric theorem which we 
discuss next. 

Let M ⊂ R² be the integer lattice of R², that is, M = {(m, n) ∈ R² | m, n 
∈ Z}. M is a group under vector addition. 


Definition. A point P ∈ M is visible (from the origin O) iff P ≠ O and there is 
no element of M on the interior of the segment OP. Equivalently, 


P = (m, n) ∈ M is visible iff GCD(m, n) = 1. 


Notice a bijection between the set of visible points P = (x, y) of M in the 
region 0 ≤ y ≤ x and the set of rational numbers q = y/x with 0 ≤ q ≤ 1. 
The elements of the Farey sequence F_n correspond to the visible points (x, y) 
in the triangular region 0 ≤ y ≤ x ≤ n. 


Definition. Let P, Q be two visible points of M with P ≠ ±Q. The parallelogram 
J defined by OP, OQ is the set J = {rP + sQ | r, s ∈ R, 0 ≤ r, s ≤ 1}. 


If P = (a, b), Q = (c, d), then from elementary geometry it is known that the 
area of J equals |ad − bc|, a positive integer. 

The triangle OPQ is the set OPQ = {rP + sQ | r, s ∈ R; 0 ≤ r, s ≤ 1; 
r + s ≤ 1}. 


Theorem 5.2. Geometric Theorem. Let P, Q with P ≠ ±Q be visible points 
of M and let δ be the area of the parallelogram J defined by OP, OQ. 

If δ = 1, then there is no point of M in the interior of J. 

If δ > 1, then there is at least one point of M in the intersection of OPQ 
with the interior of J. 


We first prove a lemma. 


Lemma 5.3. Let P = (a, b), Q = (c, d) ∈ M. Let M′ = {mP + nQ | m, n ∈ 
Z}, the subgroup of M generated by P and Q. 
The following are equivalent. 


1. M = M′. 
2. (1,0) and (0,1) are elements of M′. 
3. $\det\begin{pmatrix} a & b \\ c & d \end{pmatrix} = \pm 1$. 


Proof. Since M′ ⊂ M, and M is generated by {(1,0), (0,1)}, the equivalence 
1 ⇔ 2 is obvious. 


2 ⇒ 3. By hypothesis there exist integers m, n, p, q such that: 


(1,0) = m(a, b) + n(c, d), 


(0,1) = p(a, b) + q(c, d). 

These equations can be written in matrix form: 


$$\begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix} = \begin{pmatrix} m & n \\ p & q \end{pmatrix}\begin{pmatrix} a & b \\ c & d \end{pmatrix}.$$


Taking the determinant of this last equation yields 


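Since the two determinants are integers, each must equal ±1. 

3 ⇒ 2. The hypothesis $\det\begin{pmatrix} a & b \\ c & d \end{pmatrix} = \pm 1$ implies that the inverse of 
$\begin{pmatrix} a & b \\ c & d \end{pmatrix}$ has integer entries. Starting with 


$$\begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix} = \begin{pmatrix} m & n \\ p & q \end{pmatrix}\begin{pmatrix} a & b \\ c & d \end{pmatrix},$$

reverse the calculation in the proof of 2 ⇒ 3 to show that (1,0), (0,1) ∈ M′. ∎ 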


Proof of Theorem 5.2. Let P, Q, J, and δ be as in the statement of the 
theorem. 


Case 1. δ = 1. Then Lemma 5.3 shows that M = {mP + nQ | m, n ∈ Z}. But 
the interior of J is {rP + sQ | 0 < r, s < 1}. Clearly there is no intersection. 


Case 2. δ > 1. By Lemma 5.3 there is an element R = xP + yQ of M that is 
not in M′. Because R ∉ M′, x and y are not both integers. Let S = R − 
[x]P − [y]Q, where we write [t] for the greatest integer less than or equal to a 
real number t. 

Because S is a sum of three elements of the group M, we have S ∈ M. 
Clearly S ∈ J. If S ∈ OPQ, let T = S. If S ∉ OPQ, let T = P + Q − S 
which is an element of OPQ and also lies in M ∩ J. 

We show finally that T lies in the interior of J, that is, that T ∉ OP ∪ OQ. 
Since T = rP + sQ with r, s not both integers we know that T ≠ O, P, Q. 
That the element T of M is not in the interior of OP or OQ is because P and 
Q are visible. ∎ 


Proof of Theorem 5.1. Let b/a, d/c be consecutive fractions of F_n. Let 
P = (a, b), Q = (c, d). 

If δ = |ad − bc| > 1, then by Theorem 5.2 there is a visible point (k, h) of 
M other than P, Q inside OPQ. Slope considerations show that b/a < h/k < 
d/c. Since k ≤ max{a, c} ≤ n, we find that h/k ∈ F_n. But that contradicts 
the consecutivity of b/a, d/c. 


[Figure: the triangle OPQ with vertices P = (a, b) and Q = (c, d).] 


Thus ad − bc = ±1, where we have the positive sign because b/a < d/c. ∎ 


We next employ Theorem 5.1 to analyze the construction of the Farey 
sequences. 


Proposition 5.4. Let N_1/D_1, N_2/D_2 be consecutive fractions in F_n. 
i. GCD(N_1, N_2) = GCD(D_1, D_2) = 1. That is, consecutive numerators and 
consecutive denominators from F_n are relatively prime. 


ii. If n ≥ 2, then D_1 ≠ D_2. That is, consecutive denominators from F_n are 
unequal. 


Proof. Part i is immediate from the equation D_1N_2 − N_1D_2 = 1. 
In view of i, D_1 = D_2 can only happen if D_1 = D_2 = 1. But the only 
fractions in F_n with denominator 1 are 0/1 and 1/1, and for n ≥ 2 they are 
not consecutive. ∎ 


Corollary 5.5. Between two consecutive elements of F_n there is at most one 
element of F_{n+1}. 


Proof. Fractions in F_{n+1} but not in F_n all have denominator n + 1. By 
Proposition 5.4ii any two such fractions must be separated by a fraction with a 
different and therefore smaller denominator. ∎ 


Proposition 5.6. If N_1/D_1, N_2/D_2, N_3/D_3 are consecutive fractions in F_n, then 
N_2/D_2 = (N_1 + N_3)/(D_1 + D_3). 


Proof. By Theorem 5.1: 
D_1N_2 − N_1D_2 = 1, 
−D_3N_2 + N_3D_2 = 1. 


Take the difference to get (D_1 + D_3)N_2 − (N_1 + N_3)D_2 = 0, which is 
equivalent to the assertion of the proposition. ∎ 


Theorem 5.7. Let N_1/D_1, N_2/D_2 be consecutive fractions in F_n. Then 

i. D_1 + D_2 > n and GCD(N_1 + N_2, D_1 + D_2) = 1. 

ii. F_{D_1+D_2} is the first Farey sequence to include an element between N_1/D_1 
and N_2/D_2. It includes exactly one such element, namely (N_1 + N_2)/ 
(D_1 + D_2). 


Proof. An easy computation shows that N_1/D_1 < (N_1 + N_2)/(D_1 + D_2) = A 
< N_2/D_2. 

Write A as a reduced fraction: A = N/D. Because the N_i/D_i are consecutive 
in F_n, A ∉ F_n. Hence D > n. But D is a divisor of D_1 + D_2, and 
D_1 + D_2 ≤ 2n, so D = D_1 + D_2. This proves i. 

By Corollary 5.5 the first Farey sequence to include an element between 
N_1/D_1 and N_2/D_2 contains a unique such element. By Proposition 5.6 that 
element is (N_1 + N_2)/(D_1 + D_2), which first occurs in F_{D_1+D_2} by Theorem 
5.7i. ∎ 


The previous theorem gives a simple method to construct F_{n+1} from F_n. 
There is one new fraction (N_1 + N_2)/(n + 1) with denominator n + 1 in F_{n+1} 
between every pair of consecutive fractions N_1/D_1, N_2/D_2 of F_n whose 
denominators add to n + 1. 


Theorem 5.8. Let N/D ∈ F_n. The element of F_n that follows N/D is y/x 
where (x, y) is the unique pair of integers such that: 


i. Dy − Nx = 1 


and 


ii. 0 ≤ n − D < x ≤ n. 


Proof. Let y_0/x_0 be the element of F_n that succeeds N/D. By Theorem 5.1, 
Dy_0 − Nx_0 = 1. By definition of F_n, x_0 ≤ n. By Theorem 5.7i, x_0 + D > n. 
Hence (x_0, y_0) is a solution to i and ii. 

It remains but to observe that there is a unique solution to i and ii. Indeed, 
since GCD(N, D) = 1, the general solution in integers to Dy − Nx = 1 is the 
set {(x_0 + tD, y_0 + tN) | t ∈ Z}. If t > 0, then x_0 + tD > n. If t < 0, then 
x_0 + tD ≤ n − D. So (x_0, y_0) is the only solution to i that satisfies ii as well. ∎ 
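Theorem 5.8 and the remark after Theorem 5.7 give two independent ways to compute Farey sequences. The Python code below is an added example, not part of the original text; its function names are this example's own. It finds the successor of N/D by solving Dy − Nx = 1 with the extended Euclidean algorithm, builds F_{n+1} from F_n by inserting mediants, and checks both against a direct enumeration.

```python
from fractions import Fraction


def ext_gcd(a, b):
    """Return (g, s, t) with a*s + b*t = g = gcd(a, b) for a, b >= 0."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q = a // b
        a, b = b, a - q * b
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0


def next_farey(N, D, n):
    """Successor of N/D in F_n as (numerator, denominator), by Theorem 5.8.
    Requires gcd(N, D) = 1 and 0 <= N < D <= n."""
    g, s, t = ext_gcd(D, N)              # D*s + N*t = 1
    if g != 1 or not (0 <= N < D <= n):
        raise ValueError("need a reduced fraction N/D in [0, 1) with D <= n")
    x0 = -t                              # (x0, s) solves D*y - N*x = 1
    # Every solution has x = x0 + k*D; condition ii selects x in (n - D, n].
    x = n - ((n - x0) % D)
    y = (1 + N * x) // D                 # exact, by condition i
    return y, x


def farey(n):
    """F_n as a list of (numerator, denominator), walking with next_farey."""
    seq = [(0, 1)]
    while seq[-1] != (1, 1):
        seq.append(next_farey(seq[-1][0], seq[-1][1], n))
    return seq


def refine(seq, n):
    """Build F_{n+1} from seq = F_n: insert the mediant between each pair of
    neighbours whose denominators add to n + 1."""
    out = [seq[0]]
    for (n1, d1), (n2, d2) in zip(seq, seq[1:]):
        if d1 + d2 == n + 1:
            out.append((n1 + n2, n + 1))
        out.append((n2, d2))
    return out


def farey_by_definition(n):
    """F_n straight from the definition, for cross-checking."""
    fracs = {Fraction(h, k) for k in range(1, n + 1) for h in range(k + 1)}
    return [(f.numerator, f.denominator) for f in sorted(fracs)]


def determinants(seq):
    """The values ad - bc of Theorem 5.1 for consecutive b/a, d/c."""
    return [a * d - b * c for (b, a), (d, c) in zip(seq, seq[1:])]


if __name__ == "__main__":
    print(farey(5))
    print(next_farey(1, 2, 5))
```
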


Farey sequences are fascinating in their own right. Our interest here, 
however, is in employing them to prove some simple results on the approxima- 
tion of real numbers by rational numbers. 

Let ξ be a real number. Let b and B be positive integers with b < B. 
Offhand, one might expect that it is possible to approximate ξ more closely by 
a fraction (rational number) with the large denominator B than by one with 
the small denominator b. 

But that expectation is wrong! Counterexamples abound. For instance, the 
fraction 1/9 is much closer to ξ = 0.1111111 than is 111/1000, the best 
approximation possible with the large denominator 1000. More interesting 
perhaps is the approximation of π by 22/7, which is closer to π than is 3.14, 
the nearest approximation by hundredths. A glance at the Farey sequence F_5 
shows that every number between 1/4 and 1/3 will be closer to one of 1/4, 1/3 
than to any approximation by fifths. 

Just how closely can a real number ξ be approximated by a fraction with 
denominator b? It is easy to see that one can choose a ∈ Z such that 
a/b − 1/2b ≤ ξ ≤ a/b + 1/2b, thereby achieving |ξ − a/b| ≤ 1/2b. It turns 
out that for select b much better is possible, which is the basis of the examples 
of the preceding paragraph. The denominators 9, 7, and 3 or 4 there were very 
well adapted to the corresponding ξ. 


Theorem 5.9. Let ξ ∈ R be irrational. There exist infinitely many rational 
numbers a/b such that |ξ − a/b| < 1/2b². 


Proof. The calculation |ξ − a/b| = |(ξ + k) − (a + bk)/b| shows that we may 
assume 0 < ξ < 1. 

Let m be a positive integer, and let n/d, N/D be the consecutive fractions 
in F_m such that n/d < ξ < N/D. We will prove that the inequality of the 
theorem is true for a/b one of n/d, N/D. This is trivial if m = 1, so we take 
m ≥ 2. It readily follows from Theorem 5.1 and Proposition 5.4ii that 


$$\left(\frac{n}{d} + \frac{1}{2d^2}\right) - \left(\frac{N}{D} - \frac{1}{2D^2}\right) = \frac{(D-d)^2}{2d^2D^2} > 0.$$

Therefore 


$$\left(\frac{n}{d}, \frac{N}{D}\right) \subset \left(\frac{n}{d}, \frac{n}{d} + \frac{1}{2d^2}\right) \cup \left(\frac{N}{D} - \frac{1}{2D^2}, \frac{N}{D}\right).$$


Since ξ ∈ (n/d, N/D), either |ξ − n/d| < 1/2d² or |ξ − N/D| < 1/2D². 
We can produce infinitely many a/b with |ξ − a/b| < 1/2b² by using the 
procedure of the previous paragraph for different m. Indeed, we can extend 
any finite set S of a/b by choosing m so large that the consecutive fractions in 
F_m which bracket ξ are not in S. Such a choice is possible because the rational 
numbers are dense in the reals and each rational number between 0 and 1 is in 
F_m for large enough m. ∎ 


Theorem 5.9 is not the best possible. One can in fact prove the existence of 
infinitely many fractions a/b such that |ξ − a/b| < 1/√5 b². 

It is occasionally useful to approximate a rational number by another 
rational with a smaller denominator. The following proposition will be strong 
enough for the application to Theorem 1.1. 


Proposition 5.10. Let η > 1 be a real number and let ξ ∈ [0,1]. There exists 
a/b ∈ F_[η] such that |ξ − a/b| < 1/bη. 


Proof. Let n/d, N/D be the consecutive fractions of F_[η] such that n/d ≤ 
ξ ≤ N/D. Using Theorems 5.1 and 5.7i, calculate 


$$\frac{n+N}{d+D} - \frac{n}{d} = \frac{1}{d(d+D)} \le \frac{1}{d([\eta]+1)} < \frac{1}{d\eta},$$

$$\frac{N}{D} - \frac{n+N}{d+D} = \frac{1}{D(d+D)} \le \frac{1}{D([\eta]+1)} < \frac{1}{D\eta}.$$

Clearly we may take a/b to be one of n/d, N/D. ∎ 


We can now prove Theorem 1.1 a second time. 


Proof of Theorem 1.1. Let p be a prime number congruent to 1 mod 4. By 
Lemma 1.4 there exists x ∈ Z such that x² ≡ −1 (mod p). We may assume 
that 0 < x < p. 

Apply Proposition 5.10 to ξ = x/p and η = √p. We find a fraction 
a/b ∈ F_[√p] such that |x/p − a/b| < 1/b√p. Let c = bx − ap = bp(x/p − 
a/b). 

Note that b² + c² ≡ b² + (bx)² ≡ 0 (mod p). In other words, b² + c² is a 
multiple of p. 

Clearly |c| < √p. Since a/b ∈ F_[√p] we also have b < √p. We conclude 
that 0 < b² + c² < 2p. Necessarily, b² + c² = p. ∎ 


Exercises 


1. Show that F_n contains 1 + Σ_{i=1}^{n} φ(i) elements, where φ(i) = |U_i| for every 
i ≥ 1. 


2. Construct F_n for all n ≤ 11. 
3. Find the element of F,, that follows 2. 


4. An Egyptian fraction is a sum Σ_i (1/m_i) where the m_i are distinct 
integers greater than 1. Show that every rational number q with 0 < q < 1 
equals an Egyptian fraction. Express ;5 as an Egyptian fraction. 


5. Let ξ be an irrational number between 0 and 1. 
i. Let m, n/d, and N/D be as in the proof of Theorem 5.9. Show that 
|ξ − a/b| < 1/√5 b² for a/b one of n/d, N/D, (n + N)/(d + D). 
(Hint: If D < ((√5 − 1)/2)d or D > ((√5 + 1)/2)d, then n/d + 
1/√5 d² > N/D − 1/√5 D². If ((√5 − 1)/2)d < D < ((√5 + 1)/2)d, 
then n/d + 1/√5 d² > (n + N)/(d + D) − 1/√5 (d + D)² and 
(n + N)/(d + D) + 1/√5 (d + D)² > N/D − 1/√5 D².) 
ii. Prove that there exist infinitely many rational numbers a/b such that 
|ξ − a/b| < 1/√5 b². 


6. Let ξ be a rational number. Prove that there are only finitely many pairs of 
integers a, b such that 0 < |ξ − a/b| < 1/b². 


7. Let m be a positive integer such that X² ≡ −1 (mod m) has a solution. 
Prove that there are integers b and c such that b² + c² = m. 


8. Let ξ ∈ R be irrational. Use Proposition 5.10 to prove that there exist 
infinitely many rational numbers a/b such that |ξ − a/b| < 1/b². 


6. Minkowski’s Theorem 


Definition. The lattice L = (v_1, v_2) determined by a basis {v_1, v_2} of R² is the 
subgroup of R² generated by v_1 and v_2. That is, L = {mv_1 + nv_2 | m, n ∈ Z}. 

The fundamental parallelogram D = D(L) of L = (v_1, v_2) is the subset 
D = {xv_1 + yv_2 | x, y ∈ R, 0 ≤ x, y < 1} of R². 

The area A = A(L) of L is the area of D(L). 


Notice that D is a set of representatives in R² for the quotient group 
R²/L. That is, R² = ∪_{γ∈L} (γ + D) and the union is disjoint. (Exercise.) 
A picture may help. 


The basic tool in the geometry of numbers is: 


Theorem 6.1. Minkowski’s Theorem. Let L = (v_1, v_2) be a lattice in R² of 
area A. Let C be a circular disc centered at the origin of R² and of area 
greater than 4A. Then C contains a nonzero element of L. 


Proof. The proof relies on a version of the box principle. If a region is cut into 
pieces and the pieces are laid into another region of lesser area, then there 
must be some overlapping of the pieces. 

Define the subset D of R² by 


D = D(2L) = {xv_1 + yv_2 | x, y ∈ R; 0 ≤ x, y < 2}. 


The set D has area 4A and is a set of representatives in R² for the quotient 
group R²/2L. That is, R² = ∪_{γ∈L} (2γ + D) and the union is disjoint. 
Again, a picture may help. 


[Figure: the parallelogram D = D(2L), with the point 2v_2 labelled.] 


We now use 2L to transport, in pieces, the disc C to the parallelogram D. 
Precisely, for γ ∈ L write C_γ = (D + 2γ) ∩ C. We transport C_γ to C_γ^trans = 
C_γ − 2γ ⊂ D. 

Since C is the disjoint union ∪_{γ∈L} C_γ and since the area of C_γ equals the 
area of C_γ^trans, we conclude that 


Σ_{γ∈L} (area of C_γ^trans) = area of C > 4A = area of D. 


Therefore, by the principle enunciated in the first paragraph of this proof, 
there must be some overlapping of the sets C_γ^trans; they cannot be pairwise 
disjoint. Thus there exists γ ≠ γ′ ∈ L, P ∈ C_γ, Q ∈ C_γ′ such that P − 2γ = 
Q − 2γ′. 

Then (P − Q)/2 = γ − γ′ ≠ 0 ∈ L. Moreover, since P, Q ∈ C, then also 
(P − Q)/2 ∈ C as the following picture shows. Thus (P − Q)/2 is the 
element of L sought. 


We give a third proof of Theorem 1.1. 


Proof of Theorem 1.1. Let p be a prime number congruent to 1 mod 4. By 
Lemma 1.4 there exists a ∈ Z such that a² ≡ −1 (mod p). 

Form the lattice L = ((p, 0), (a, 1)), which has area A = p. 

If (x, y) ∈ L, then x² + y² is an integer multiple of p. Indeed, (x, y) = 
m(p, 0) + n(a, 1) for some m, n ∈ Z and (mp + na)² + n² ≡ n²a² + n² ≡ 
−n² + n² ≡ 0 (mod p). 

Now let C be a disc centered at (0,0) of radius less than √(2p) and of area 
greater than 4A = 4p. For example, we take C to be of radius r = (4/3)√p. By 
Minkowski’s Theorem there exists (x, y) ≠ 0 ∈ L ∩ C. Necessarily, 0 < 
x² + y² < r² = (16/9)p < 2p. Since x² + y² is an integer multiple of p, we 
conclude that x² + y² = p. ∎ 


Exercises 


1. i. Where in the proof of Theorem 6.1 did we use the hypothesis that C is a 
circular disc? 

ii. A set C ⊂ R² is symmetric iff P ∈ C implies that −P ∈ C, and it is 
convex iff P, Q ∈ C implies that the entire line segment PQ is contained 
in C. Prove that the assertion of Theorem 6.1 is true if the set C is 
a symmetric convex subset of R² of area greater than 4A. 


2. Let η, ξ ∈ R with η > 1. 


i. Prove that for every ε > 0 there is a nonzero lattice point (x, y) ∈ Z² 
such that |y − ξx| < 1/η and |x| < η + ε. Deduce that there exists a 
nonzero (x, y) ∈ Z² such that |y − ξx| < 1/η and |x| ≤ η. 

ii. Prove that there exist integers x, y with 1 ≤ x ≤ η such that |ξ − y/x| 
< 1/xη. (Alternative proof of Proposition 5.10.) 


3. Prove that if m is a positive integer for which X² ≡ −2 (mod m) has a 
solution, then there exist integers x, y such that x² + 2y² = m. 


7. Method of Descent 

Our third proof of Theorem 1.1 is possibly close to Fermat’s own proof. 


Proof of Theorem 1.1 by Descent. Let p be a prime number congruent to 
1 mod 4. 


By Lemma 1.4 we choose x ∈ Z such that x² ≡ −1 (mod p). We can and 
do assume that 0 ≤ x ≤ p − 1. Thus x² + 1² = mp for some m ∈ Z with 
1 ≤ m < p. 


So we can begin our descent with integers x, y, m such that 


x² + y² = mp, 1 ≤ m < p. (7.1) 


If m = 1, we are done. If m > 1, we will show how to modify x, y to X, Y 
such that X² + Y² = m′p with m′ ∈ Z, 1 ≤ m′ < m. If m′ = 1, we will be 
done. If m′ > 1, we repeat the procedure, modifying X, Y to get ever smaller 
positive multiples of p as sums of two squares. After finitely many steps, we 
must arrive at X² + Y² = 1p. 

We describe the modification process. 

Assume m > 1. Let x′ ≡ x, y′ ≡ y (mod m) with |x′|, |y′| ≤ m/2. We 
claim that 


x′² + y′² = m′m with m′ ∈ Z and 1 ≤ m′ < m. (7.2) 

Indeed, 


x′² + y′² ≡ x² + y² ≡ 0 (mod m), 

x′² + y′² ≤ (m/2)² + (m/2)² < m², 


and x′² + y′² ≠ 0, because the assumption that x′ = y′ = 0 implies x ≡ y ≡ 
0 (mod m), which implies (by (7.1)) that m²|mp, which is a contradiction since 
1 < m < p and p is prime. 

Now multiply (7.1) and (7.2) and reexpress to get 


m²m′p = (xx′ + yy′)² + (xy′ − x′y)². (7.3) 

We calculate 


xx′ + yy′ ≡ x² + y² ≡ 0 (mod m), 


xy′ − x′y ≡ xy − xy ≡ 0 (mod m). 


Therefore X = (xx′ + yy′)/m and Y = (xy′ − x′y)/m are both integers. 
By (7.3) we have 


X² + Y² = m′p as sought. ∎ 
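The descent just described runs as an algorithm. The Python code below is an added example, not part of the original text; its function names are this example's own. The text cites Lemma 1.4 only for the existence of x with x² ≡ −1 (mod p); as an assumption of this example, x is computed as g^((p−1)/4) mod p for a quadratic nonresidue g found by Euler's criterion.

```python
def sqrt_minus_one(p):
    """Return x in [0, p-1] with x*x = -1 (mod p), for a prime p = 1 (mod 4).
    Assumption of this example: take g with g^((p-1)/2) = -1 (mod p), so that
    x = g^((p-1)/4) squares to -1."""
    if p % 4 != 1:
        raise ValueError("p must be a prime congruent to 1 mod 4")
    for g in range(2, p):
        if pow(g, (p - 1) // 2, p) == p - 1:
            return pow(g, (p - 1) // 4, p)
    raise ValueError("no nonresidue found; is p prime?")


def centered(a, m):
    """The residue a' = a (mod m) with |a'| <= m/2."""
    r = a % m
    return r - m if 2 * r > m else r


def descent_step(x, y, m):
    """One modification step: from x^2 + y^2 = m*p with m > 1 produce
    (X, Y, m') with X^2 + Y^2 = m'*p and 1 <= m' < m."""
    xp, yp = centered(x, m), centered(y, m)
    m_new = (xp * xp + yp * yp) // m        # equation (7.2)
    X = (x * xp + y * yp) // m              # both divisions are exact,
    Y = (x * yp - xp * y) // m              # by the congruences after (7.3)
    return X, Y, m_new


def two_squares(p):
    """Return (a, b, trace) with a*a + b*b = p; trace lists every (x, y, m)
    visited, so the strictly decreasing multipliers m can be inspected."""
    x, y = sqrt_minus_one(p), 1
    m = (x * x + y * y) // p                # equation (7.1), 1 <= m < p
    trace = [(x, y, m)]
    while m > 1:
        x, y, m = descent_step(x, y, m)
        trace.append((x, y, m))
    return abs(x), abs(y), trace


if __name__ == "__main__":
    for p in (13, 97, 1009):
        a, b, trace = two_squares(p)
        print(p, "=", a, "^2 +", b, "^2; multipliers:", [t[2] for t in trace])
```
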


Fermat himself developed, or perhaps invented, the method of descent. A 
sampling of the many interesting Diophantine equations to which he applied it 
is given in the exercises. 

In operational terms, the method in its simplest form can be described as 
follows. One begins with a solution or hypothesized solution of a given 
Diophantine equation. A way is found to produce from it another solution 
that is in some sense smaller. Iterating, one finds smaller and smaller solutions. 
In this manner, one is led either to a solution of a specified form or to a 
contradiction. 

In the third proof of Theorem 1.1, the given equation was X² + Y² = pM, 
to be solved in integers. The size of a solution (X, Y, M) was measured by M 
and a solution was sought with M = 1. 

When solution “size” is a positive integer M, the possibility of a contradiction 
arises. Namely, an infinite descent M_1 > M_2 > M_3 > ··· > 0 is impossible. 
The Pythagorean proof that √2 is irrational, or equivalently that 
X = Y = 0 is the only integer solution of the equation X² = 2Y², produces a 
contradiction in just this way. 

Sums of four squares can also be studied by descent. We prove next 
Lagrange’s famous theorem. 


Theorem 7.4. Lagrange’s Four Squares Theorem. Every positive integer is a 
sum of four squares. In other words, for every positive integer n there exist 
integers x, y, z, w such that x² + y² + z² + w² = n. 


We require two lemmas of Euler. 


Lemma 7.5. Euler. If two integers are each sums of four squares, then so is 
their product. 


Proof. 
(x² + y² + z² + w²)(x′² + y′² + z′² + w′²) 
= (xx′ + yy′ + zz′ + ww′)² + (xy′ − yx′ + wz′ − zw′)² 
+ (xz′ − zx′ + yw′ − wy′)² + (xw′ − wx′ + zy′ − yz′)². ∎ 


Lemma 7.6. Euler. For every odd prime number p there exist x, y ∈ Z such 
that x² + y² ≡ −1 (mod p) and 0 ≤ x, y ≤ (p − 1)/2. 


Proof. Let p be an odd prime number. The (p + 1)/2 integers x² for 
0 ≤ x ≤ (p − 1)/2 belong to (p + 1)/2 distinct congruence classes mod p. 
Similarly, the integers −1 − y² for 0 ≤ y ≤ (p − 1)/2 belong to (p + 1)/2 
distinct congruence classes mod p. But the p + 1 numbers x² and −1 − y² 
cannot lie in distinct congruence classes mod p since there are only p such 
classes in all. For some x and some y we must have x² ≡ −1 − y² (mod p). ∎ 


Proof of Theorem 7.4. From Lemma 7.5 we learn that it will be sufficient to 
prove that every prime number is a sum of four squares. This is because 
1 = 1² + 0² + 0² + 0² and every integer greater than 1 is a product of 
primes. After noting that 2 = 1² + 1² + 0² + 0² we can restrict attention to 
odd primes. 

Let p be an odd prime. We will prove that p is a sum of four squares. 
With x and y as in Lemma 7.6 we have the equation x² + y² + 1² + 0² = 
mp for some m ∈ Z with 1 ≤ m < p. So we can begin our descent with 
integers x, y, z, w such that 


x² + y² + z² + w² = mp, 1 ≤ m < p. (7.7) 


If m = 1, we are done. If m > 1, we will show how to modify x, y, z, w to 
X, Y, Z, W such that X² + Y² + Z² + W² = m′p with m′ ∈ Z, 1 ≤ m′ < m. 
The proof is then completed just as was the proof of Theorem 1.1. 

We describe the modification process. Assume m > 1. 

If m is even, then an even number of the integers x, y, z, w are odd. After 
relabelling if necessary, then either all four are even, all four are odd, or x and 
y are even and z and w are odd. In all three cases we can write 


$$\left(\frac{x+y}{2}\right)^2 + \left(\frac{x-y}{2}\right)^2 + \left(\frac{z+w}{2}\right)^2 + \left(\frac{z-w}{2}\right)^2 = \frac{m}{2}\,p.$$

So we take X, Y, Z, and W to be (x ± y)/2 and (z ± w)/2 with m′ = m/2. 

Now suppose that m > 1 is odd. Let x′ ≡ x, y′ ≡ y, z′ ≡ z, and w′ ≡ 
w (mod m) with |x′|, |y′|, |z′|, |w′| < m/2. As in the proof of Theorem 1.1 we 
easily deduce that 


x′² + y′² + z′² + w′² = m′m with m′ ∈ Z and 1 ≤ m′ < m. (7.8) 

Multiplying (7.7) and (7.8) gives 


m²m′p = (x² + y² + z² + w²)(x′² + y′² + z′² + w′²) 

= a² + b² + c² + d², (7.9) 


where a, b, c, and d are given in the proof of Lemma 7.5. Upon remarking 
that a, b, c, and d are all divisible by m, we can take X = a/m, Y = b/m, 
Z = c/m, and W = d/m. It follows as desired that X² + Y² + Z² + W² = 
m′p with 1 ≤ m′ < m. ∎ 
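The proof of Theorem 7.4 is constructive. The Python code below is an added example, not part of the original text; its function names are this example's own, and the use of trial division to factor n is a choice of this example. It follows the proof step by step: Lemma 7.6 supplies the starting point, the even and odd cases of the descent shrink m, and Lemma 7.5 combines the prime factors.

```python
def euler_product(s, t):
    """Lemma 7.5: the four numbers whose squares sum to |s|^2 * |t|^2."""
    x, y, z, w = s
    xp, yp, zp, wp = t
    return (x * xp + y * yp + z * zp + w * wp,
            x * yp - y * xp + w * zp - z * wp,
            x * zp - z * xp + y * wp - w * yp,
            x * wp - w * xp + z * yp - y * zp)


def lemma_7_6(p):
    """x, y in [0, (p-1)/2] with x^2 + y^2 = -1 (mod p), p an odd prime,
    found by matching the classes of x^2 against those of -1 - y^2."""
    half = (p - 1) // 2
    square_class = {(x * x) % p: x for x in range(half + 1)}
    for y in range(half + 1):
        x = square_class.get((-1 - y * y) % p)
        if x is not None:
            return x, y
    raise ValueError("p must be an odd prime")


def centered(a, m):
    """The residue a' = a (mod m) with |a'| <= m/2."""
    r = a % m
    return r - m if 2 * r > m else r


def four_squares_prime(p):
    """Descent of Theorem 7.4 for a prime p; returns a sorted 4-tuple."""
    if p == 2:
        return (0, 0, 1, 1)
    x, y = lemma_7_6(p)
    s = (x, y, 1, 0)
    m = sum(v * v for v in s) // p              # equation (7.7)
    while m > 1:
        if m % 2 == 0:
            # Relabel so that x, y have equal parity and so do z, w.
            x, y, z, w = sorted(s, key=lambda v: v % 2)
            s = ((x + y) // 2, (x - y) // 2, (z + w) // 2, (z - w) // 2)
            m //= 2
        else:
            t = tuple(centered(v, m) for v in s)
            m_new = sum(v * v for v in t) // m  # equation (7.8)
            s = tuple(v // m for v in euler_product(s, t))  # exact divisions
            m = m_new
    return tuple(sorted(abs(v) for v in s))


def four_squares(n):
    """A sorted 4-tuple of nonnegative integers whose squares sum to n >= 1."""
    rep, p = (1, 0, 0, 0), 2
    while n > 1:
        if p * p > n:
            p = n                               # what remains is prime
        while n % p == 0:
            rep = euler_product(rep, four_squares_prime(p))
            n //= p
        p += 1
    return tuple(sorted(abs(v) for v in rep))


if __name__ == "__main__":
    for n in (7, 23, 2024, 9999):
        print(n, four_squares(n))
```
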


Exercises 
1. Let p be a prime number. Prove that X¥ = Y = Z = 0 is the only integer 
solution of the equation X? + pY? + p?Z? = 0. 


2. i. Let p be a prime number such that x? = —2 (mod p) has a solution. 
Prove that there exist integers X, Y such that X? + 2Y? = p. 


6. 


li. 


ii. 
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Let p be a prime number congruent to 5 or 7 mod 8. Prove that there is 
no integer x such that x* = —2 (mod p). 

Let p be a prime number congruent to 7 mod 8. Prove that there is an 
integer x such that x* = 2 (mod p). (Hint: Express —1 and —2 as 
powers of a primitive root mod p.) 


. Let p be a prime number such that x? = 2 (mod p) has a solution. 


Prove that there exist integers X,Y such that X? — 2Y? = p. (Hint: 
After a descent closely modelled on that of the proof of Theorem 1.1, 
you will arrive at the equation X* — 2Y? = m’p where 1 < |m’ < p. If 
m’ < 0, use the identity (X + 2Y)* —2(X + Y)? = -(X? — 2Y°).) 
Let p be a prime number congruent to 3 or 5 mod 8. Prove that there is 
no integer x such that x* = 2 (mod p). 

Let p be an odd prime number. Prove that the following three asser- 
tions are equivalent. (a) X* — 2Y* = p has a solution in integers X, Y. 
(b) X? = 2 (mod p) has a solution. (c) p = +1 (mod 8). (See Exercises 
2.13 and 7.2111.) 


. Let p be an odd prime number. Prove that the following three assertions 


are equivalent. (a) X* + 2Y? = p has a solution in integers X, Y. (b) 
X* = —2 (mod p) has a solution. (c) p = 1 or 3 (mod 8). (See Exercises 
2.13, 7.2, and 7.3ii.) 


Let n be a positive integer. Give a necessary and sufficient condition in 
terms of the prime factorization of n that there exist integers X, Y such 
that X7 + 2Y* =n. (See Exercises 3.3 and 3.4.) 


. Let x, y, z be positive integers such that x? + y* = z”, GCD(x, y) = 1, 


and y is even. Show that (z + x)/2 and (z — x)/2 are square integers. 
Conclude that there exist positive relatively prime integers a, b of opposite 
parity such that x = a* — b*, y = 2ab, and z = a’ + b’. 


1. 


Prove that there do not exist three integers X, Y, Z with XY # 0 such 
that X* + Y* = Z?. (Sketch of solution: Given positive integers X, Y, Z 
with X* + Y* = Z*, construct positive integers x, y, z such that x* + 
y* = z* and0 <z < Z, then deduce a contradiction. If GCD(X, Y) > 1, 
there is an easy construction, so assume that GCD(X, Y) = 1 and that 
Y is even. Using Exercise 5, show that there exist positive integers a, b 
such that X? = a? — b*, Y? = 2ab, and Z = a? + b’. Similarly, find 
positive integers /, m such that X = 1? — m?, b = 2lm, and a = [7 + m’. 
From (Y/2)* = alm, conclude that a,/,m are squares, say | = x’, 
m=y*,a=2z".) 

Prove that there do not exist integers X, Y, Z with XY # 0 such that 
Xe Yo = 7 
7. i. Prove that there do not exist integers X, Y, Z with $XY \neq 0$ such that
$X^4 - Y^4 = Z^2$. (Hint: Take the same approach as in Exercise 6i. If
GCD(X, Y) = 1 and Y is odd, the descent is quite similar. If
GCD(X, Y) = 1 and Y is even, the descent is simpler, requiring only
one application of Exercise 5.)


ii. Prove that the equation $y^2 = x^3 - x$ has no rational solution
$(x, y) \in \mathbb{Q}^2$ other than $y = 0$, $x = 0, \pm 1$. Sketch a graph of the
curve $y^2 = x^3 - x$. (Hint: Let $r^2 = s^3 - s$ where $s = a/b$ is a reduced
fraction with $b > 0$. Show that $ab(a^2 - b^2)$ is a square. Show that if
$a > 0$, then there are integers x, y, z such that $a = x^2$, $b = y^2$,
$a^2 - b^2 = z^2$. Thus $y^4 + z^2 = x^4$. Conclude that $s = 1$. Make a similar
argument if $a < 0$.)


8. Prove that there do not exist three integers X, Y, Z with $XYZ \neq 0$ such
that $X^3 + Y^3 = Z^3$. (Sketch of solution: Given X, Y, Z with $X^3 + Y^3 = Z^3$
and $XYZ \neq 0$, produce x, y, z with $x^3 + y^3 = z^3$ and $0 < |xyz| < |XYZ|$.
This can be done as follows. Assume that GCD(X, Y) = 1 and that X and
Y are odd. Write $X = p + q$, $Y = p - q$ with relatively prime integers p, q,
and show that $2p(p^2 + 3q^2) = Z^3$. Case 1. If $3 \nmid p$, show that $2p$ and
$p^2 + 3q^2$ are relatively prime and hence both cubes. Thus by Exercise 4.6iii
there exist integers a, b with $p = a^3 - 9ab^2$, $q = 3a^2b - 3b^3$. From
$2p = 2a(a - 3b)(a + 3b)$ = cube, conclude that there exist integers x, y, z such
that $a - 3b = x^3$, $a + 3b = y^3$, $2a = z^3$. Case 2. If $3 \mid p$, then
$6p \cdot (q^2 + 3(p/3)^2) = Z^3$ where the two factors are relatively prime. By
Exercise 4.6iii, $p/3 = 3a^2b - 3b^3$. From $6p = 27 \cdot 2b(a - b)(a + b)$ = cube,
show that there are integers x, y, z such that $2b = x^3$, $a - b = y^3$,
$a + b = z^3$.)


9. Prove that the congruence $X^2 + Y^2 \equiv a \pmod p$ has a solution for every
integer a and every prime p.


8. Reduction of Positive Definite Binary Quadratic Forms 


Definition. A real binary quadratic form F (or just a form) is a polynomial in
the two variables X, Y of the shape $F = F(X, Y) = aX^2 + bXY + cY^2$ with
real coefficients a, b, c.

It is integral iff $a, b, c \in \mathbb{Z}$.

Its discriminant $\Delta = \Delta(F)$ is defined by the formula $\Delta = b^2 - 4ac$.

It is positive definite iff $\Delta < 0$, $a > 0$, and $c > 0$.

An integral form is said to represent an integer n iff the equation
$aX^2 + bXY + cY^2 = n$ has a solution in integers X, Y.
The terminology positive definite is justified by the calculation

$$F(X, Y) = aX^2 + bXY + cY^2 = a\left(X + \frac{b}{2a}Y\right)^2 - \frac{\Delta}{4a}Y^2,$$

which shows that precisely for positive definite forms, if $(x, y) \in \mathbb{R}^2$ and
$(x, y) \neq (0, 0)$, then $F(x, y) > 0$.

The polynomial $X^2 + Y^2$ is a positive definite integral binary quadratic
form of discriminant $-4$. Fermat’s Theorem 1.1 asserts that it represents every
prime number that is congruent to 1 mod 4.

We wish to give a proof of Theorem 1.1 that exploits the fact that different
integral forms of the same discriminant may represent exactly the same sets of
integers. A simple example of this phenomenon is provided by the two forms
$X^2 + Y^2$ and $(X + Y)^2 + Y^2 = X^2 + 2XY + 2Y^2$.


Definition. $GL_2(\mathbb{Z})$ is the multiplicative group of 2 × 2 matrices
$g = \begin{pmatrix} r & s \\ t & u \end{pmatrix}$ such that $r, s, t, u \in \mathbb{Z}$ and $\det g = \pm 1$.
$SL_2(\mathbb{Z})$ is the subgroup of matrices in $GL_2(\mathbb{Z})$ with determinant +1.


Definition. For a form $F = aX^2 + bXY + cY^2$ and a matrix
$g = \begin{pmatrix} r & s \\ t & u \end{pmatrix} \in GL_2(\mathbb{Z})$, we define the form gF by the formula

$$gF = a(rX + tY)^2 + b(rX + tY)(sX + uY) + c(sX + uY)^2.$$

That is, gF is gotten from F by making the substitution

$$X \mapsto rX + tY, \qquad Y \mapsto sX + uY.$$


Lemma 8.1. i. The formula of the preceding definition is a group action of
$GL_2(\mathbb{Z})$ on the set of forms. That is, $\begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}F = F$ and
$g_1(g_2F) = (g_1g_2)F$, where $g_1, g_2 \in GL_2(\mathbb{Z})$ and F is a form.

ii. $\Delta(F) = \Delta(gF)$ for $g \in GL_2(\mathbb{Z})$, F a form. That is, the action of
$GL_2(\mathbb{Z})$ on forms leaves the discriminant invariant.

iii. If F is positive definite or integral, then so is gF for all $g \in GL_2(\mathbb{Z})$.


Proof. This lemma may be verified by straightforward calculations.
A more illuminating proof can be given by resorting to matrix notation as
follows.
Write

$$F = aX^2 + bXY + cY^2 = \begin{pmatrix} X & Y \end{pmatrix} \begin{pmatrix} a & b/2 \\ b/2 & c \end{pmatrix} \begin{pmatrix} X \\ Y \end{pmatrix}.$$

Note that

$$\Delta(F) = -4 \det \begin{pmatrix} a & b/2 \\ b/2 & c \end{pmatrix}.$$

Let $g \in GL_2(\mathbb{Z})$. Then

$$gF = \begin{pmatrix} X & Y \end{pmatrix} g \begin{pmatrix} a & b/2 \\ b/2 & c \end{pmatrix} {}^tg \begin{pmatrix} X \\ Y \end{pmatrix},$$

where ${}^tg$ is the transpose of the matrix g.

Now i results from the equality ${}^t(g_1g_2) = {}^tg_2\,{}^tg_1$. Using the multiplicativity
of the determinant, we calculate $\Delta(gF) = (\det g)\Delta(F)(\det {}^tg)$. Since
$\det g = \det {}^tg$ and $(\det g)^2 = 1$, we find that $\Delta(gF) = \Delta(F)$, which is ii.

We leave iii as an exercise. ∎


Definition. Two forms F and F′ are equivalent iff there exists $g \in GL_2(\mathbb{Z})$
such that gF = F′. If there exists $g \in SL_2(\mathbb{Z})$ such that gF = F′, we say that
F and F′ are properly equivalent.


The equivalence (respectively, proper equivalence) classes of forms are just
the orbits of the action of $GL_2(\mathbb{Z})$ (respectively, $SL_2(\mathbb{Z})$) on the set of forms.
The relevance of form equivalence to number theory is given by Lemma 8.2.


Lemma 8.2. Integral forms that are equivalent represent precisely the same 
integers. 


Proof. Let F be an integral form and let $g \in GL_2(\mathbb{Z})$.

If $F(x, y) = n$, then $(gF)((x, y)g^{-1}) = n$, as is seen most directly in the
matrix notation of the proof of Lemma 8.1. Clearly, if $(x, y) \in \mathbb{Z}^2$, then
$(x, y)g^{-1} \in \mathbb{Z}^2$ also. Thus gF represents every integer that F represents. A
symmetric argument proves the reverse inclusion. ∎


We begin the study of the set of proper equivalence classes of definite forms 
with the next proposition. 


Proposition 8.3. i. Every positive definite integral form is properly equivalent
to a form $F = aX^2 + bXY + cY^2$ such that $|b| \leq a \leq c$.
ii. If $|b| \leq a \leq c$ and $\Delta = b^2 - 4ac < 0$, then $a \leq \sqrt{|\Delta|/3}$.


Proof. A positive definite integral form $F = aX^2 + bXY + cY^2$ that does not
satisfy $|b| \leq a \leq c$ can be modified within its proper equivalence class as
follows. If $c < a$, “permute” X and Y by replacing F with
$\begin{pmatrix} 0 & 1 \\ -1 & 0 \end{pmatrix}F = cX^2 - bXY + aY^2$. If $|b| > a$, replace F with
$\begin{pmatrix} 1 & 0 \\ n & 1 \end{pmatrix}F = aX^2 + (b + 2an)XY + c'Y^2$ where $n \in \mathbb{Z}$ is chosen so that
$|b + 2an| \leq a$. By alternating these two modification procedures we are led to a
sequence of forms $F_i = a_iX^2 + b_iXY + c_iY^2$ such that $a_i \geq a_{i+1}$ and
$a_i > a_{i+2}$. Since the $a_i$ are all positive integers, the sequence must stop.
This can only happen when $|b_i| \leq a_i \leq c_i$ as desired.

Part ii results from the calculation

$$4a^2 \leq 4ac = b^2 - \Delta \leq a^2 - \Delta.$$ ∎


Corollary 8.4. There is only a finite number of proper equivalence classes of 
positive definite integral forms of a given discriminant. 


Proof. By Proposition 8.3ii there are only finitely many positive definite
integral forms $aX^2 + bXY + cY^2$ of discriminant $\Delta$ such that $|b| \leq a \leq c$. By
Proposition 8.3i there is at least one in every proper equivalence class. ∎


Corollary 8.5. All positive definite integral forms of discriminant —4 are 
properly equivalent. 


Proof. We list the positive definite integral forms $aX^2 + bXY + cY^2$ of
discriminant $-4$ such that $|b| \leq a \leq c$. By Proposition 8.3ii such a form satisfies
$a \leq \sqrt{4/3}$. Hence $a = 1$ and $b = 0, \pm 1$. Since $\Delta = b^2 - 4c = -4$, b is even.
Thus $b = 0$ and $c = 1$. So our list is the single form $X^2 + Y^2$.

Therefore, by Proposition 8.3i, all positive definite integral forms of
discriminant $-4$ are properly equivalent to the same form $X^2 + Y^2$. Hence they
form a single proper equivalence class. ∎


We can now easily prove a strengthened version of Theorem 1.1. 


Theorem 8.6. Every positive definite integral form of discriminant $-4$
(including $X^2 + Y^2$) represents every prime number that is congruent to 1 mod 4.


Proof. Let p be a prime number congruent to 1 mod 4. Since by Lemma 8.2
and Corollary 8.5 all positive definite integral forms of discriminant $-4$
represent the same integers, we need only prove the existence of a single such
form that represents p.

By Lemma 1.4 there exists $m \in \mathbb{Z}$ such that $m^2 \equiv -1 \pmod p$. Then
$(2m)^2 = -4 + np$ for some positive $n \in \mathbb{Z}$. Clearly np is a multiple of 4,
from which it follows that n is a multiple of 4 as well. Thus the form
$F(X, Y) = pX^2 + 2mXY + (n/4)Y^2$ is integral positive definite of
discriminant $-4$. It represents p, since $F(1, 0) = p$. So we have found what we
needed. ∎


We conclude Section 8 with a refinement of Proposition 8.3i that makes
possible the enumeration of the proper equivalence classes of positive definite
integral forms of a fixed discriminant.


Definition. A positive definite form $aX^2 + bXY + cY^2$ is reduced iff
$|b| \leq a \leq c$; and in case $|b| = a$, then $b = a$; and in case $a = c$, then $b \geq 0$.


Theorem 8.7. There is a unique reduced form in every proper equivalence 
class of positive definite integral forms. 


Proof. Existence. By Proposition 8.3i every positive definite integral form is
properly equivalent to a form $F(X, Y) = aX^2 + bXY + cY^2$ such that
$|b| \leq a \leq c$.

If $b = -a$, then $\begin{pmatrix} 1 & 0 \\ 1 & 1 \end{pmatrix}F$ is reduced. If $a = c$ and $b < 0$, then
$\begin{pmatrix} 0 & 1 \\ -1 & 0 \end{pmatrix}F$ is reduced. Hence there is a reduced form in every proper
equivalence class.

Uniqueness. Let $F(X, Y) = aX^2 + bXY + cY^2$ be a reduced positive definite
integral form. We first prove that the following is a complete list of all
solutions $(x, y) \in \mathbb{Z}^2$ of the inequality $0 < F(x, y) \leq a$:

8.8i. $(x, y) = (\pm 1, 0)$, $F(x, y) = a$,
8.8ii. $a = c$, $(x, y) = (0, \pm 1)$, $F(x, y) = a$,
8.8iii. $b = a = c$, $(x, y) = \pm(1, -1)$, $F(x, y) = a$.
Indeed $ax^2 + bxy + cy^2 = a(x + (b/2a)y)^2 + (|\Delta|/4a)y^2 \leq a$ implies
$y^2 \leq 4a^2/|\Delta| \leq 4/3$, where the final inequality results from Proposition 8.3ii.
Hence $y = 0, \pm 1$. If $y = 0$, then $x = \pm 1$ and $F(x, y) = a$ as in i. If $y = \pm 1$,
we must solve $ax^2 \pm bx + c \leq a$. Since $|b| \leq a$ and $x \in \mathbb{Z}$, we have
$ax^2 \pm bx \geq 0$. But $a \leq c$, so a solution is possible only if $a = c$. Suppose
that $a = c$ and let $y = \varepsilon = \pm 1$. The equation to be solved is now
$ax^2 + \varepsilon bx = (ax + \varepsilon b)x = 0$. This is easily analyzed, leading to ii and iii.

We conclude immediately that a is the smallest positive integer represented
by the reduced form F.

Let now $F = aX^2 + bXY + cY^2$ and $F' = a'X^2 + b'XY + c'Y^2$ be two
properly equivalent reduced positive definite integral forms. Necessarily $a = a'$,
because a and a′ can be described purely in terms of the integers represented
by F and F′, which are the same by Lemma 8.2.

Let $g = \begin{pmatrix} r & s \\ t & u \end{pmatrix} \in SL_2(\mathbb{Z})$ satisfy $F' = gF$.

Suppose $c > a$. The calculation $a = a' = ar^2 + brs + cs^2$ together with
(8.8) shows that $s = 0$. Since $\det g = 1$, we have $ru = 1$. Hence
$b' = b + 2art \equiv b \pmod{2a}$. Since $|b|, |b'| \leq a$, it follows that either $b = b'$ or
$|b| = |b'| = a$. As F and F′ are reduced, we get $b = b'$ either way. But F and F′
have the same discriminant, so $a = a'$ and $b = b'$ imply that $c = c'$ as well. Thus
$F = F'$.

Suppose that $c = a$. The preceding paragraph shows $c' > a'$ is impossible.
Hence $a = a' = c = c'$. Discriminant considerations immediately prove that
$b = \pm b'$. But since F and F′ are reduced, $b \geq 0$ and $b' \geq 0$. Once again, we
conclude that $F = F'$. ∎
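
The two modification steps in the proof of Proposition 8.3, the finishing steps in the existence part of Theorem 8.7, and the construction in the proof of Theorem 8.6 can all be carried out mechanically. The following Python code is an added example, not part of the book: the function names, the representation of a form as a triple (a, b, c), and the brute-force search for m with $m^2 \equiv -1 \pmod p$ are choices made here. It keeps the text's convention $g = \begin{pmatrix} r & s \\ t & u \end{pmatrix}$, $gF = F(rX + tY, sX + uY)$.

```python
# Added example. g = ((r, s), (t, u)) acts by gF = F(rX + tY, sX + uY);
# a form aX^2 + bXY + cY^2 is stored as the triple (a, b, c).

IDENTITY = ((1, 0), (0, 1))
SWAP = ((0, 1), (-1, 0))              # sends (a, b, c) to (c, -b, a)


def act(g, F):
    """Coefficients of gF."""
    (r, s), (t, u) = g
    a, b, c = F
    return (a*r*r + b*r*s + c*s*s,
            2*a*r*t + b*(r*u + s*t) + 2*c*s*u,
            a*t*t + b*t*u + c*u*u)


def mat_mul(g, h):
    (a, b), (c, d) = g
    (e, f), (i, j) = h
    return ((a*e + b*i, a*f + b*j), (c*e + d*i, c*f + d*j))


def is_reduced(F):
    """|b| <= a <= c, with b = a if |b| = a, and b >= 0 if a = c."""
    a, b, c = F
    return -a < b <= a <= c and (a != c or b >= 0)


def reduce_form(F):
    """Return (F_red, g) with g in SL_2(Z), g F = F_red and F_red reduced."""
    a, b, c = F
    if not (a > 0 and b*b - 4*a*c < 0):
        raise ValueError("form must be positive definite")
    G = IDENTITY
    while not is_reduced(F):
        a, b, c = F
        if c < a or (a == c and b < 0):
            h = SWAP                              # "permute" X and Y
        else:
            h = ((1, 0), ((a - b) // (2*a), 1))   # n with -a < b + 2an <= a
        # h(G F0) = (hG) F0 by Lemma 8.1i, so accumulate on the left.
        F, G = act(h, F), mat_mul(h, G)
    return F, G


def two_squares(p):
    """For a prime p = 1 (mod 4), return (x, y) with x^2 + y^2 = p."""
    m = next(m for m in range(1, p) if (m*m + 1) % p == 0)   # brute force
    F = (p, 2*m, (m*m + 1) // p)      # the form of Theorem 8.6, F(1, 0) = p
    reduced, G = reduce_form(F)       # reduced == (1, 0, 1) by Corollary 8.5
    (r, s), (t, u) = G
    # Lemma 8.2: (GF)((1, 0) G^{-1}) = F(1, 0) = p and (1, 0) G^{-1} = (u, -s).
    return abs(u), abs(s)


def reduced_forms(D):
    """All reduced positive definite integral forms of discriminant D < 0."""
    forms, a = [], 1
    while 3*a*a <= -D:                # Proposition 8.3ii
        for b in range(-a + 1, a + 1):
            if (b*b - D) % (4*a) == 0:
                c = (b*b - D) // (4*a)
                if is_reduced((a, b, c)):
                    forms.append((a, b, c))
        a += 1
    return forms
```

For example, two_squares(13) builds the form (13, 10, 2), reduces it to (1, 0, 1) with g = ((-1, 3), (-1, 2)), and returns (2, 3).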


Exercises 


1. Let $\Delta \in \mathbb{Z}$. Prove that there is an integral form of discriminant $\Delta$ if and
only if $\Delta$ is congruent to 0 or 1 mod 4.


2. Let $F(X, Y) = 10X^2 + 14XY + 5Y^2$. Find $g \in SL_2(\mathbb{Z})$ such that
$gF = X^2 + Y^2$. From g and the equation $4^2 + 9^2 = 97$, find all integer
solutions (X, Y) to $F(X, Y) = 97$.


3. i. Prove that there is just one proper equivalence class of positive definite
integral forms of discriminant $-3$. Show that if p is an odd prime for
which $X^2 \equiv -3 \pmod p$ has a solution, then there exist integers x, y
such that $x^2 + xy + y^2 = p$.

ii. Prove that if p is an odd prime for which $X^2 \equiv -7 \pmod p$ has a
solution, then there exist integers x, y such that $x^2 + xy + 2y^2 = p$.


4. List all reduced positive definite integral forms of discriminants $\Delta$ such
that $|\Delta| < 23$.
5. Prove that in every equivalence class of positive definite integral forms
there is a unique form $aX^2 + bXY + cY^2$ such that $0 \leq b \leq a \leq c$.


6. This exercise sketches an important geometric approach to Proposition 8.3
which applies to positive definite forms with real (not necessarily integral)
coefficients. Let $H = \{\tau \in \mathbb{C} \mid \operatorname{Im} \tau > 0\}$ be the complex upper half plane.

i. Show that for positive definite $F(X, Y) = aX^2 + bXY + cY^2$ there is
a unique $\tau = \tau(F) \in H$ such that $F(X, Y) = a(X - \tau Y)(X - \bar{\tau} Y)$.
Prove that the map $F \mapsto \tau$ is a bijection between the set of positive
definite forms of a fixed discriminant and H.

ii. For $g = \begin{pmatrix} r & s \\ t & u \end{pmatrix} \in SL_2(\mathbb{Z})$ and $\tau \in H$, let $g\tau = (r\tau + s)/(t\tau + u)$.
Show that $g\tau \in H$. Prove that this definition of $g\tau$ gives a group
action of $SL_2(\mathbb{Z})$ on H.

iii. For F positive definite and $g \in SL_2(\mathbb{Z})$, show that $\tau(gF) = {}^tg^{-1}\tau(F)$.
Prove that two positive definite forms F and F′ of the same discriminant
are properly equivalent if and only if $\tau(F)$ and $\tau(F')$ are in the
same $SL_2(\mathbb{Z})$ orbit.

iv. Let $\tau \in H$. Show that there is an element $\tau'$ of the $SL_2(\mathbb{Z})$ orbit of $\tau$
that has maximal imaginary part. Show that there exists $n \in \mathbb{Z}$ such
that $\tau'' = \begin{pmatrix} 1 & n \\ 0 & 1 \end{pmatrix}\tau'$ satisfies $|\operatorname{Re} \tau''| \leq \frac{1}{2}$. By considering
$\begin{pmatrix} 0 & -1 \\ 1 & 0 \end{pmatrix}\tau''$, prove that $|\tau''| \geq 1$. Conclude that every $SL_2(\mathbb{Z})$ orbit in H
contains at least one element $\tau \in D = \{z \in H \mid |z| \geq 1, |\operatorname{Re} z| \leq \frac{1}{2}\}$. Sketch D.

v. Prove that every proper equivalence class of positive definite real
binary quadratic forms contains at least one form $aX^2 + bXY + cY^2$
such that $|b| \leq a \leq c$.


7. Let $\Delta$ be a positive integer that is not a square.

i. By imitating the proof of Proposition 8.3, show that every integral
form of discriminant $\Delta$ is properly equivalent to a form $aX^2 + bXY + cY^2$
such that $|b| \leq |a| \leq |c|$, and that such a form satisfies $ac < 0$,
$|a| \leq \frac{1}{2}\sqrt{\Delta}$.

ii. Prove that there is only a finite number of proper equivalence classes
of integral forms of discriminant $\Delta$.

iii. Show that every integral form of discriminant $\Delta = 5$ (resp. $\Delta = 8$) is
properly equivalent to $X^2 + XY - Y^2$ (resp. $X^2 - 2Y^2$).

iv. Prove that if p is an odd prime for which $X^2 \equiv 5 \pmod p$ has a
solution, then there exist integers x, y such that $x^2 + xy - y^2 = p$.


8. Let m be a positive integer, and let $\Delta = m^2$.

i. Show that for every integral form F(X, Y) of discriminant $\Delta$ there
exist integers x, y not both zero such that $F(x, y) = 0$.
ii. Show that every integral form of discriminant $\Delta$ is properly equivalent
to a form $F = aX^2 + bXY$ where $|b| = m$. By consideration of gF
where $g = \begin{pmatrix} r & s \\ t & u \end{pmatrix} \in SL_2(\mathbb{Z})$, $t = m/d$, $u = a/d$, and $d = \mathrm{GCD}(m, a)$,
show that one can take $b = +m$ in the preceding sentence.

iii. Show that every proper equivalence class of integral forms of discriminant
$\Delta$ contains a unique form $aX^2 + mXY$ such that $-m/2 < a \leq m/2$.
Thus there are exactly m such proper equivalence classes.


9. Prove that every integral form of discriminant $\Delta = 0$ is properly
equivalent to a unique form $F = aX^2$.


10. Prove that the two forms $X^2 + 3Y^2$ and $X^2 + XY + Y^2$ represent the
same integers, but that they are not equivalent.


11. Write three computer programs to perform as follows.
i. Input: A positive definite integral form f.
Task: To produce $g \in SL_2(\mathbb{Z})$ such that gf is reduced.
ii. Input: Two positive definite integral forms f and f′.
Task: To determine whether f and f′ are properly equivalent and if
so to produce $g \in SL_2(\mathbb{Z})$ such that gf = f′.
iii. Input: A negative integer $\Delta$.
Task: To list all reduced positive definite integral forms of
discriminant $\Delta$.


12. Prove that every integral form of discriminant $\Delta < 0$ represents some
integer $n \neq 0$ such that $|n| \leq \sqrt{|\Delta|/3}$.


13. Prove that every integral form of nonsquare discriminant $\Delta > 0$ represents
some integer $n \neq 0$ such that $|n| \leq \frac{1}{2}\sqrt{\Delta}$. (See Exercise 7.)


14. Prove that for every $g \in GL_2(\mathbb{Z})$ of order 4 (resp. order 3) there exists

y € GL,(Z) such that ygy~? = & 4) (resp. ygy i= & ai). 


CHAPTER 3 
Quadratic Reciprocity 


1. Introduction 


In this chapter we solve the problem: Given an integer $\Delta$, describe the set of
prime numbers that can be represented by an integral binary quadratic form
of discriminant $\Delta$.

We solved this problem for discriminant $\Delta = -4$ during our study of the
form $X^2 + Y^2$. The set of primes p in question in that case is describable by
congruence conditions, namely, $p = 2$ and $p \equiv 1 \pmod 4$. A similar thing is
true in the general case though it is much harder to prove.

The first step is easy. 


Proposition 1.1. Let $\Delta \in \mathbb{Z}$ be congruent to 0 or 1 mod 4, and let p be an odd
prime number. Then the following two assertions are equivalent.

1. There is an integral binary quadratic form of discriminant $\Delta$ that
represents p.

2. The congruence $X^2 \equiv \Delta \pmod p$ has a solution.


A thorough study of quadratic congruences is clearly suggested. The suc- 
cessful completion of such a study by the teenage Gauss is one of the great 
stories of mathematics. It will be the subject of the present chapter. 

The key technical lemma, which was discovered by Euler and proved by 
Gauss, is known as the Law of Quadratic Reciprocity. 


Proposition 1.2. The Law of Quadratic Reciprocity. Let p and q be distinct
odd primes.
Then $X^2 \equiv q \pmod p$ has a solution if and only if $X^2 \equiv p \pmod q$ has a
solution, unless $p \equiv q \equiv 3 \pmod 4$, in which case one of the two congruences
has a solution and one does not.


It is just a short hop to the definitive statement. 


Theorem 1.3. Let a be an integer that is not a square.

There exists a surjective group homomorphism $\chi: U_{4a} \to \{\pm 1\}$ such that
the following two conditions are equivalent for all odd primes p that do not
divide a.

1. $X^2 \equiv a \pmod p$ has a solution.

2. $\chi(p) = 1$.


The remarkable feature of Theorem 1.3 is that the condition that
$X^2 \equiv a \pmod p$ be solvable can be stated as a congruence condition (mod 4a) on the
prime p. We have already seen this in the case $a = -1$. The existence of the
homomorphism $\chi$, called the Kronecker symbol, is so important that
statements like Theorem 1.3 and its generalizations have themselves come to be
called reciprocity laws. Classical quadratic reciprocity Proposition 1.2 can be
easily deduced from Theorem 1.3.

In Section 10 we will prove Proposition 1.1 and combine it with Theorem 
1.3 to give a complete solution to the motivating problem of the representabil- 
ity of primes by binary forms of a given discriminant. 

There is a discussion of quadratic congruences with composite moduli, 
including the widely useful Chinese Remainder Theorem, in Section 2. 

In Section 3 we introduce the Legendre symbol, which makes it possible to 
formulate the Law of Quadratic Reciprocity as an equation. 

Gauss discovered eight proofs of the Law of Quadratic Reciprocity. In this 
chapter we present variants of his first (1796), third (1808), fourth (1805), and 
sixth (1818) proofs. (His second (1801) proof will be given in Chapter 5.) I like 
them all. 

In Section 4 we give Gauss’s and the world’s first proof. It has been called
ugly, but I do not agree. It is a computationally based induction on the
maximum of the two primes p and q, which strikes me as quite natural.

Textbook tradition has declared that the simplest proof of quadratic 
reciprocity is the variant of Gauss’s third proof that we reproduce in Section 5. 
It is a combinatorial proof based on one of the many famous Gauss Lemmas. 

Routes to quadratic reciprocity via the trigonometric sums now called 
Gauss sums have proved more suggestive than either of the preceding. We 
explore two such in Sections 6 and 7. The proof in Section 7 is perhaps the 
most significant, pointing as it does toward contemporary algebraic number 
theory from higher reciprocity to class field theory. It is also very simple. 




Section 8 emphasizes the practical aspects of the reciprocity law. We discuss 
the evaluation of the Legendre symbol. An interesting digression on a prob- 
abilistic method to search for large prime numbers is included. 

The Kronecker symbol is constructed in Section 9. With it comes the proof 
of Theorem 1.3. 


Exercises 


1. Let $p \neq 5$ be a prime number. Deduce from Proposition 1.2 that the
congruence $X^2 \equiv 5 \pmod p$ has a solution if and only if $p \equiv 1$ or $4 \pmod 5$.


2. Determine explicitly the homomorphism $\chi$ of Theorem 1.3 for the case
$a = 3$.


2. Composite Moduli 


The theory of congruences is the study of equations in the rings $\mathbb{Z}/m$. It is in
some respects simplest for prime moduli m, for in that case $\mathbb{Z}/m$ is a field and
techniques from geometry can be applied most easily. Much is known, but
more is conjectured.

Two important theorems, the Chinese Remainder Theorem and Hensel’s 
Lemma (Newton’s Method), sometimes together reduce questions in com- 
posite moduli to simpler questions in prime moduli. We will prove the first of 
these theorems and present a special case of the second in this section. 

We begin with the possibility of reducing to prime power modulus. 


Proposition 2.1. Let $m_1, m_2, \ldots, m_r \in \mathbb{Z}$ be positive and pairwise relatively
prime.

i. The following two conditions are equivalent for every pair of integers x
and y.

1. $x \equiv y \pmod{m_1m_2 \cdots m_r}$.
2. $x \equiv y \pmod{m_i}$ for all $i = 1, 2, \ldots, r$.

ii. $\bigcap_{i=1}^{r} m_i\mathbb{Z} = m_1m_2 \cdots m_r\mathbb{Z}$.


Proof. It is clearly enough to prove i in the case $y = 0$, which is identical
with ii.
Suppose $x \equiv 0 \pmod{m_i}$ for all i. We will prove that
$x \equiv 0 \pmod{m_1m_2 \cdots m_r}$ by induction on r. The first case is $r = 2$. Since
$\mathrm{GCD}(m_1, m_2) = 1$, there are $a, b \in \mathbb{Z}$ such that $am_1 + bm_2 = 1$. We have
$am_1x + bm_2x = x$, where the terms on the left are both divisible by $m_1m_2$, the
first because $m_2 \mid x$ and the second because $m_1 \mid x$. Thus $m_1m_2 \mid x$. If $r > 2$,
apply an inductive hypothesis to the sequence $m_1m_2, m_3, \ldots, m_r$ of $r - 1$
pairwise relatively prime divisors of x. ∎


The comparison of the rings $\mathbb{Z}/m$ with different m inevitably involves
consideration of homomorphisms between them. Let d and m be nonzero
integers such that $d \mid m$. There is a containment $d\mathbb{Z} \supset m\mathbb{Z}$ of ideals of $\mathbb{Z}$. In
the usual way this gives a surjective ring homomorphism $\mathbb{Z}/m \to \mathbb{Z}/d$ that
maps $\bar{x} = x + m\mathbb{Z} \in \mathbb{Z}/m$ to $\bar{x} = x + d\mathbb{Z} \in \mathbb{Z}/d$ for every $x \in \mathbb{Z}$. This
homomorphism is the subject of the Chinese Remainder Theorem.


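Theorem 2.2. Chinese Remainder Theorem. Let $m_1, m_2, \ldots, m_r \in \mathbb{Z}$ be
positive and pairwise relatively prime.
i. Let $a_1, a_2, \ldots, a_r \in \mathbb{Z}$. There exists $x \in \mathbb{Z}$ such that $x \equiv a_i \pmod{m_i}$
for $1 \leq i \leq r$.
ii. The map $f: \mathbb{Z}/m_1m_2 \cdots m_r \to \mathbb{Z}/m_1 \times \mathbb{Z}/m_2 \times \cdots \times \mathbb{Z}/m_r$,
$f(x) = (x, x, \ldots, x)$, is an isomorphism of rings.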


Proof. i. Let $n_i = (m_1m_2 \cdots m_r)/m_i$. Then $\mathrm{GCD}(n_i, m_i) = 1$, so there exists
$y_i \in \mathbb{Z}$ such that $n_iy_i \equiv 1 \pmod{m_i}$. Let $x_i = n_iy_i$. We have the congruences
$x_i \equiv 1 \pmod{m_i}$ and $x_i \equiv 0 \pmod{m_j}$ for $j \neq i$. Therefore,
$x = a_1x_1 + a_2x_2 + \cdots + a_rx_r \equiv a_i \pmod{m_i}$ for all i.

ii. Surjectivity by Theorem 2.2i and injectivity by Proposition 2.1. Observe
that we actually constructed the inverse of f in the proof of i. ∎


It is worth noting that the existence of a bijection between the rings of
Theorem 2.2ii that is required to preserve only the additive structures is even
simpler to prove. Such additive isomorphisms are not unique. The following
will be useful to us later.


Proposition 2.3. Let m, n be nonzero relatively prime integers.
The function $f: \mathbb{Z}/m \oplus \mathbb{Z}/n \to \mathbb{Z}/mn$, $f(x, y) = nx + my$, is an
isomorphism of additive abelian groups.


Proof. Note that f is indeed well defined. It is also easily verified that f is a
homomorphism.

Let $z = \bar{a} \in \mathbb{Z}/mn$. By Proposition 4.1 of Chapter 1 there exist $x, y \in \mathbb{Z}$
such that $nx + my = a$. Therefore, $z = \bar{a}$ lies in the image of f. We have
proved that f is surjective.

Finally, suppose that $f(x, y) = 0$. This means that $nx + my \in mn\mathbb{Z}$. Then
Lemma 3.6 of Chapter 1 implies that $x \in m\mathbb{Z}$ and that $y \in n\mathbb{Z}$. Therefore f
is injective. ∎

The next proposition is the application of the Chinese Remainder Theorem
to the reduction of modulus in congruence equations.


Proposition 2.4. Let $f(X) \in \mathbb{Z}[X]$. Let $m_1, \ldots, m_r$ be positive pairwise
relatively prime integers. Then the following two conditions are equivalent.

1. $f(X) \equiv 0 \pmod{m_1m_2 \cdots m_r}$ has a solution.
2. $f(X) \equiv 0 \pmod{m_i}$ has a solution for $i = 1, 2, \ldots, r$.


Proof. 1 ⇒ 2. Every solution $x \in \mathbb{Z}$ of congruence 1 is a solution of all the
congruences 2.

2 ⇒ 1. Suppose that all the congruences of 2 have solutions. For each i let
$x_i \in \mathbb{Z}$ be such that $f(x_i) \equiv 0 \pmod{m_i}$. By Theorem 2.2i choose $x \in \mathbb{Z}$ such
that $x \equiv x_i \pmod{m_i}$ for $1 \leq i \leq r$. Then $f(x) \equiv 0 \pmod{m_i}$ for all i, and
thus by Proposition 2.1i we have $f(x) \equiv 0 \pmod{m_1m_2 \cdots m_r}$. ∎


In most applications of Proposition 2.4 the integers $m_i$ will be powers of
distinct primes. It is natural to wonder whether a further reduction from prime
power modulus to prime modulus is possible. Rather than address this
question in full generality, we choose to treat the special case of quadratic
congruences which is all that we will need in the sequel.


Proposition 2.5. i. Let $a \in \mathbb{Z}$ and let p be an odd prime not dividing a. Then
the congruence $X^2 \equiv a \pmod{p^n}$ has a solution for every $n \geq 1$ if and only if
$X^2 \equiv a \pmod p$ has a solution.

Moreover, if solutions exist, then $X^2 = \bar{a} \in \mathbb{Z}/p^n$ has exactly two solutions
in $\mathbb{Z}/p^n$ for every $n \geq 1$.

ii. Let a be an odd integer. Then the congruence $X^2 \equiv a \pmod{2^n}$ has a
solution for every $n \geq 3$ if and only if $X^2 \equiv a \pmod 8$ has a solution if and
only if $a \equiv 1 \pmod 8$.

Moreover, if solutions exist, then $X^2 = \bar{a} \in \mathbb{Z}/2^n$ has exactly four
solutions in $\mathbb{Z}/2^n$ for every $n \geq 3$.


Proof. i. Let $n \geq 1$ and let $x \in \mathbb{Z}$ satisfy $x^2 \equiv a \pmod{p^n}$. We prove that
there exists $y \in \mathbb{Z}$ such that $y^2 \equiv a \pmod{p^{n+1}}$ and $y \equiv x \pmod{p^n}$, and
that y is unique mod $p^{n+1}$ (i.e., $y \in \mathbb{Z}/p^{n+1}$ is unique).

Write $x^2 = a + bp^n$. We determine all $z \in \mathbb{Z}$ such that $y^2 \equiv a \pmod{p^{n+1}}$
with $y = x + zp^n$. Calculation shows that

$$y^2 = (x + zp^n)^2 \equiv a + (2xz + b)p^n \pmod{p^{n+1}}.$$

The condition on z is that $2xz \equiv -b \pmod p$. Such z exist because $p \nmid 2x$.
Moreover, z is uniquely determined mod p, which proves that y is unique
mod $p^{n+1}$, as claimed.

We have produced a map from solutions x of the equation $X^2 = \bar{a} \in \mathbb{Z}/p^n$
to solutions y of the equation $X^2 = \bar{a} \in \mathbb{Z}/p^{n+1}$. It is inverse to the natural
map $y + \mathbb{Z}/p^{n+1} \mapsto y + \mathbb{Z}/p^n$ on solutions, which is therefore a bijection. An
induction quickly shows that the number of solutions of the equation
$X^2 = \bar{a} \in \mathbb{Z}/p^n$ is the same for all $n \geq 1$. Since $\mathbb{Z}/p$ is a field, p is odd, and
$p \nmid a$, this number is 0 or 2.

If x is one solution of the congruence $X^2 \equiv a \pmod{p^n}$, then $-x$ is the
other.

ii. Let $n \geq 3$. The solutions of the congruence $X^2 \equiv a \pmod{2^n}$ come in
pairs. If $x_1 \in \mathbb{Z}$ is a solution, then so is $x_2 = x_1 + 2^{n-1}$. We prove that there
is a unique member $x_i$ of each such pair for which there exists $y \in \mathbb{Z}$ such that
$y^2 \equiv a \pmod{2^{n+1}}$ and $y \equiv x_i \pmod{2^n}$, and that there are exactly two such y
mod $2^{n+1}$.

Write $x_i^2 = a + b_i2^n$. Computation shows that $y_i = x_i + z \cdot 2^n$ satisfies the
congruence $y_i^2 \equiv x_i^2 \pmod{2^{n+1}}$ for all $z \in \mathbb{Z}$. Thus $y_i^2 \equiv a \pmod{2^{n+1}}$ if and
only if $b_i$ is even. But $b_1$ and $b_2 = b_1 + x_1 + 2^{n-2}$ have opposite parity
because $n \geq 3$ and $x_1$ is odd, so exactly one of $b_1, b_2$ is even. This proves the
existence part of the assertion. There are exactly two integers y mod $2^{n+1}$ as
required because $y_i$ is determined mod $2^{n+1}$ by the parity of z.

For each $n \geq 3$ let $S_n$ denote the set of solutions of the equation
$X^2 = \bar{a} \in \mathbb{Z}/2^n$. Let $g: S_{n+1} \to S_n$ be the natural map
$x + \mathbb{Z}/2^{n+1} \mapsto x + \mathbb{Z}/2^n$. Both members of a pair of solutions in $S_{n+1}$ as
above have the same image under g, so g is two-to-one. Thus $|\mathrm{im}\, g| = |S_{n+1}|/2$.
Also $|\mathrm{im}\, g| = |S_n|/2$, because the image of g contains exactly one member of
each pair of elements in $S_n$. Therefore, the number of solutions of
$X^2 = \bar{a} \in \mathbb{Z}/2^n$ is the same for all $n \geq 3$. Consideration of the case $n = 3$
shows that this number is 4 if $a \equiv 1 \pmod 8$ and is zero otherwise.

If x is one solution of the congruence $X^2 \equiv a \pmod{2^n}$, then the other
three are $x + 2^{n-1}$, $-x$, and $-x + 2^{n-1}$. ∎


Theorem 2.6. Let a and m be nonzero relatively prime integers. Write
$m = 2^bd$ where d is odd. The following two conditions are equivalent.

1. $X^2 \equiv a \pmod m$ has a solution.

2. $X^2 \equiv a \pmod p$ has a solution for every odd prime divisor p of m and
$a \equiv 1 \pmod 4$ if $b = 2$,
$a \equiv 1 \pmod 8$ if $b \geq 3$.


Proof. Immediate consequence of Propositions 2.4 and 2.5. ∎
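
The proofs of Theorem 2.2i and Proposition 2.5 are constructive, so together with Proposition 2.4 they give a procedure for listing every solution of $X^2 \equiv a \pmod m$. The following Python code is an added example, not part of the book: the function names, the trial-division factorization and the brute-force search for a root mod p are choices made here, and Python 3.8 or later is assumed for pow(x, -1, m) and math.prod.

```python
from itertools import product
from math import gcd, prod


def factor(m):
    """Trial-division factorization of m >= 1 as {prime: exponent}."""
    f, p = {}, 2
    while p * p <= m:
        while m % p == 0:
            f[p] = f.get(p, 0) + 1
            m //= p
        p += 1
    if m > 1:
        f[m] = f.get(m, 0) + 1
    return f


def crt(residues, moduli):
    """Theorem 2.2i: x = sum of a_i n_i y_i, where n_i y_i = 1 (mod m_i)."""
    M = prod(moduli)
    x = 0
    for a_i, m_i in zip(residues, moduli):
        n_i = M // m_i
        x += a_i * n_i * pow(n_i, -1, m_i)
    return x % M


def roots_odd_prime_power(a, p, n):
    """All x in Z/p^n with x^2 = a; p odd, p not dividing a (Prop. 2.5i)."""
    x = next((x for x in range(1, p) if (x * x - a) % p == 0), None)
    if x is None:
        return []
    for k in range(1, n):                     # lift from p^k to p^(k+1)
        b = (x * x - a) // p**k               # x^2 = a + b p^k
        z = (-b * pow(2 * x, -1, p)) % p      # solve 2xz = -b (mod p)
        x += z * p**k
    q = p**n
    return sorted({x % q, -x % q})


def roots_power_of_two(a, n):
    """All x in Z/2^n with x^2 = a; a odd (Prop. 2.5ii for n >= 3)."""
    if n <= 2:
        return [x for x in range(1, 2**n, 2) if (x * x - a) % 2**n == 0]
    if a % 8 != 1:
        return []
    x = 1                                     # 1^2 = a (mod 8)
    for k in range(3, n):                     # lift from 2^k to 2^(k+1)
        if ((x * x - a) // 2**k) % 2:         # b odd: switch to x + 2^(k-1)
            x += 2**(k - 1)
    q = 2**n
    return sorted({x % q, (x + q // 2) % q, -x % q, (-x + q // 2) % q})


def sqrt_mod(a, m):
    """All solutions of X^2 = a (mod m) for m >= 1 and GCD(a, m) = 1."""
    if gcd(a, m) != 1:
        raise ValueError("a and m must be relatively prime")
    f = factor(m)
    moduli = [p**n for p, n in f.items()]
    local = [roots_power_of_two(a, n) if p == 2
             else roots_odd_prime_power(a, p, n) for p, n in f.items()]
    # Proposition 2.4: glue one local root per prime power with the CRT.
    return sorted(crt(combo, moduli) for combo in product(*local))


def solvable_by_theorem_2_6(a, m):
    """The criterion of Theorem 2.6, with a brute-force test mod each odd p."""
    f = factor(m)
    b = f.pop(2, 0)
    if (b == 2 and a % 4 != 1) or (b >= 3 and a % 8 != 1):
        return False
    return all(any((x * x - a) % p == 0 for x in range(1, p)) for p in f)
```

For instance, sqrt_mod(17, 64) returns [9, 23, 41, 55], the four solutions $x$, $x + 2^{n-1}$, $-x$, $-x + 2^{n-1}$ of Proposition 2.5ii with x = 9 and n = 6.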


Exercises


1. Find all integers x such that $x \equiv 1 \pmod{17}$, $x \equiv 2 \pmod{19}$, and
$x \equiv 3 \pmod{23}$.


2. Show that $x = 70a + 21b + 15c$ satisfies the three congruences
$x \equiv a \pmod 3$, $x \equiv b \pmod 5$, and $x \equiv c \pmod 7$. Find a solution of a similar
form for the system $x \equiv a \pmod 5$, $x \equiv b \pmod 7$, and $x \equiv c \pmod{11}$.


. Find the remainder when ((92)??’ + 100)” is divided by 23 - 199. 
. Prove that a®° = 1 (mod 561) for all integers a such that GCD(a, 561) = 1. 


5. Let $x, y, z \in \mathbb{Z}$ be such that $x^2 + y^2 = z^2$. Prove that $xyz \equiv 0 \pmod{60}$.


6. Let N be a positive integer. Prove that there exist N consecutive positive
integers each of which is divisible by the tenth power of an integer greater
than 1.


7. Let $m_1, m_2$ be positive integers and let $a_1, a_2 \in \mathbb{Z}$. Prove that there exists
$x \in \mathbb{Z}$ such that $x \equiv a_1 \pmod{m_1}$ and $x \equiv a_2 \pmod{m_2}$ if and only if
$a_1 \equiv a_2 \pmod{\mathrm{GCD}(m_1, m_2)}$.


8. Prove that the congruence $X^2 + 2X + 2 \equiv 0 \pmod{5^n}$ has a solution for
every positive integer n.


9. Let $f \in \mathbb{Z}[X]$ and let p be a prime number.

i. Prove that $f(a + tp^n) \equiv f(a) + tp^nf'(a) \pmod{p^{n+1}}$ for all $a, t \in \mathbb{Z}$
and $n \geq 1 \in \mathbb{Z}$.

ii. Let $a \in \mathbb{Z}$ be such that $f(a) \equiv 0 \pmod p$ and $f'(a) \not\equiv 0 \pmod p$.
Prove that for every $n \geq 1$ there exists $b \in \mathbb{Z}$ such that $b \equiv a \pmod p$
and $f(b) \equiv 0 \pmod{p^n}$. Prove moreover that such b is uniquely
determined mod $p^n$.

iii. Suppose that the two congruence equations $f(X) \equiv 0 \pmod p$
and $f'(X) \equiv 0 \pmod p$ have no solutions in common. Prove that
$|\{b \in \mathbb{Z}/p^n \mid f(b) = 0 \in \mathbb{Z}/p^n\}|$ is the same number for all integers
$n \geq 1$.

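10. Is Proposition 2.5 a special case of the assertion of Exercise 9iii?


11. Let p be a prime number and let $a = dp^r$ where $r \geq 1$ and $p \nmid d$. Let
$n > r$. Prove that

$$|\{x \in \mathbb{Z}/p^n \mid x^2 = a\}| = \begin{cases} 0 & \text{if } r \text{ is odd,} \\ p^{r/2}\,|\{y \in \mathbb{Z}/p^{n-r} \mid y^2 = d\}| & \text{if } r \text{ is even.} \end{cases}$$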
3. The Legendre Symbol


We begin the theory of quadratic congruences with some classical terminology. 


Definition 3.1. The Legendre symbol (a/p) is defined for an odd prime
number p and an integer a such that GCD(a, p) = 1 by the equation

$$\left(\frac{a}{p}\right) = \begin{cases} +1 & \text{if the congruence } X^2 \equiv a \pmod p \text{ has a solution,} \\ -1 & \text{if the congruence } X^2 \equiv a \pmod p \text{ has no solution.} \end{cases}$$

The integer a is said to be a quadratic residue mod p iff $(a/p) = +1$ and a
quadratic nonresidue mod p iff $(a/p) = -1$.


Much of this chapter will be concerned with the problem of evaluating the 
Legendre symbol. 

It is clear from Definition 3.1 that $(a/p) = (b/p)$ if $a \equiv b \pmod p$. Thus
$(y/p)$ can be defined for $y \in U_p$ by the equation $(y/p) = (a/p)$ where $y = \bar{a}$
with $a \in \mathbb{Z}$. Then $(y/p) = \pm 1$ for $y \in U_p$ depending on whether the
equation $X^2 = y$ has a root in the field $\mathbb{Z}/p$. We will extend the words quadratic
residue and nonresidue mod p to the elements of $U_p$ in the obvious way.

The elementary properties of the Legendre symbol are collected in the next 
proposition. 


Proposition 3.2. Let p be an odd prime number.
i. There exist exactly $(p - 1)/2$ quadratic residues and $(p - 1)/2$
quadratic nonresidues mod p in $U_p$.
ii. $a^{(p-1)/2} \equiv (a/p) \pmod p$ for all $a \in \mathbb{Z}$ such that $p \nmid a$.
iii. $(ab/p) = (a/p)(b/p)$ for all $a, b \in \mathbb{Z}$ such that $p \nmid ab$.
iv. The function $(\cdot/p): U_p \to \{\pm 1\}$ is a surjective group homomorphism
from $U_p$ to the multiplicative group $\{\pm 1\}$.


Proof. i. The set of quadratic residues in $U_p$ is the image of the
homomorphism $\mathrm{sq}: U_p \to U_p$, $\mathrm{sq}(y) = y^2$. The kernel of sq consists of the two
roots +1 and −1 of the equation $X^2 - 1 = 0$ in $\mathbb{Z}/p$. We can compute:
$|\mathrm{im}(\mathrm{sq})| = |U_p|/|\ker(\mathrm{sq})| = (p - 1)/2$.

ii. By Fermat’s Little Theorem 2.3 of Chapter 2, every element of $U_p$
satisfies the equation

$$(X^{(p-1)/2} - 1)(X^{(p-1)/2} + 1) = X^{p-1} - 1 = 0 \in \mathbb{Z}/p.$$

Thus every element of $U_p$ satisfies one of the two equations:
$X^{(p-1)/2} - 1 = 0$ or $X^{(p-1)/2} + 1 = 0$.
If $y \in U_p$ is a quadratic residue, then $y = x^2$ for some $x \in U_p$, whence
$y^{(p-1)/2} = x^{p-1} = 1$ in $\mathbb{Z}/p$. Thus all $(p - 1)/2$ quadratic residues in $U_p$
satisfy the equation $X^{(p-1)/2} - 1 = 0$, which can have at most $(p - 1)/2$
roots in $\mathbb{Z}/p$ by Lemma 2.6 of Chapter 2. The quadratic nonresidues in $U_p$
must therefore all satisfy the other equation, $X^{(p-1)/2} + 1 = 0$.

We have proved that $y^{(p-1)/2} = (y/p) \in \mathbb{Z}/p$ for all $y \in U_p$, from which
the desired result follows.

iii. Compute $(ab/p) \equiv (ab)^{(p-1)/2} = a^{(p-1)/2}b^{(p-1)/2} \equiv (a/p)(b/p) \pmod p$.
Since $-1 \not\equiv 1 \pmod p$, we can conclude that $(ab/p) = (a/p)(b/p)$.

iv. Immediate from iii and i. ∎


The multiplicative law Proposition 3.2iii is the key property of the Legendre symbol. It suggests the historical line of investigation, which we follow.

Let p be an odd prime and let a ∈ Z be relatively prime to p. We can factor a, $a = \pm 2^m \prod_i q_i^{n_i}$, where the $q_i$ are odd primes distinct from p. Then Proposition 3.2iii shows that

$$\left(\frac{a}{p}\right) = \left(\frac{\pm 1}{p}\right)\left(\frac{2}{p}\right)^{m} \prod_i \left(\frac{q_i}{p}\right)^{n_i}.$$

We are led to focus our attention on the symbols (−1/p), (2/p), and (q/p) for distinct odd primes p, q, from which all other Legendre symbols may be computed.

Actually, we do not even need the symbols (−1/p) and (2/p). The equations (−1/p) = ((2p − 1)/p) and (2/p) = ((p + 2)/p) show that they may be computed from knowledge of (q/p) for all prime divisors q of the positive odd integers 2p − 1 and p + 2. Nevertheless, it is convenient to state:


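Proposition 3.3. Supplement to the Law of Quadratic Reciprocity. Let p be an odd prime number.

i. $$\left(\frac{-1}{p}\right) = (-1)^{(p-1)/2} = \begin{cases} 1 & \text{if } p \equiv 1 \pmod 4 \\ -1 & \text{if } p \equiv 3 \pmod 4 \end{cases}$$

ii. $$\left(\frac{2}{p}\right) = (-1)^{(p^2-1)/8} = \begin{cases} 1 & \text{if } p \equiv \pm 1 \pmod 8 \\ -1 & \text{if } p \equiv \pm 3 \pmod 8 \end{cases}$$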


Proof. i. This is just a reformulation of Lemma 1.4 of Chapter 2, on which we based the study of the Diophantine equation X² + Y² = n. It also follows immediately from Proposition 3.2ii.

ii. We first prove that (2/p) = 1 implies p ≡ ±1 (mod 8). This will be done by induction on p.

Since (2/3) = (2/5) = −1 and (2/7) = +1, the induction begins with p = 7, which is in fact congruent to −1 mod 8 as required.

Now let p > 7 be an odd prime such that (2/p) = 1, and suppose that q ≡ ±1 (mod 8) for all primes q < p for which (2/q) = 1. Since (2/p) = 1, we can choose integers u and a, 0 < a < p, such that a² = 2 + up. After replacing a by p − a if necessary, we may take a to be odd. Clearly then u is odd and 1 ≤ u < p. The inductive hypothesis applies to every prime divisor q of u since a² ≡ 2 (mod q), and so every such q is congruent to ±1 (mod 8). Because u is a product of these q's, we conclude that u is also congruent to ±1 (mod 8). Finally, we compute 1 ≡ a² = 2 + up ≡ 2 ± p (mod 8), which shows that p ≡ ±1 (mod 8). The induction is complete.

A completely similar induction proves that (−2/p) = 1 implies p ≡ 1 or 3 (mod 8). (Details are left as an exercise.)

Now let p be an odd prime number.

If p ≡ ±3 (mod 8), then the first induction proves that (2/p) = −1.

If p ≡ −1 (mod 8), then the second induction shows that (−2/p) = −1 and Proposition 3.3i shows that (−1/p) = −1. By the multiplicative property, (2/p) = (−1/p)(−2/p) = 1.

If p ≡ 1 (mod 8), let $z = y^{(p-1)/8}$ where y is a primitive root mod p. Then $z^4 \equiv -1 \pmod p$, from which follows $(z^3 - z)^2 = z^2(z^4 + 1) - 2z^4 \equiv 2 \pmod p$. Thus (2/p) = 1.

We have evaluated (2/p) in all cases. ∎


We are left to face the basic fact in the theory of quadratic congruences, the relation between (p/q) and (q/p) for distinct odd prime numbers p and q that is described by Proposition 1.2. We next give three traditional formulations of this relation, now known as the Law of Quadratic Reciprocity. That Proposition 1.2 is equivalent to Proposition 3.4iii, which is the statement that Gauss preferred, follows from Proposition 3.3i.


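Proposition 3.4. The Law of Quadratic Reciprocity: Three Formulations of Proposition 1.2

i. $$\left(\frac{q}{p}\right) = (-1)^{\frac{p-1}{2}\cdot\frac{q-1}{2}}\left(\frac{p}{q}\right).$$

ii. $$\left(\frac{q}{p}\right)\left(\frac{p}{q}\right) = (-1)^{\frac{p-1}{2}\cdot\frac{q-1}{2}}.$$

iii. $$\left(\frac{p^*}{q}\right) = \left(\frac{q}{p}\right) \quad \text{where } p^* = (-1)^{(p-1)/2}\,p.$$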


Four quite different proofs of the Law of Quadratic Reciprocity will be the
subject of the next four sections of this chapter.

The importance of quadratic reciprocity will become clear only upon its
application to the study of integral binary quadratic forms. We can, however, 
begin to discuss its meaning now. 

A good understanding of the Legendre symbol (a/p) viewed as a function 
of a for fixed p can be arrived at through Proposition 3.2. The Law of 
Quadratic Reciprocity enables us to say something interesting about (a/p) as 
a function of p for fixed a. As Euler discovered empirically, the value of 
(a/p) depends upon p only through the congruence class of p mod 4a. This is 
illustrated nicely by the cases a = —1 and a = 2 of Proposition 3.3. 


Proposition 3.5. Let a ∈ Z, and let p and q be odd prime numbers not dividing a such that p ≡ q (mod 4a).
Then (a/p) = (a/q).


Proof. Write $a = \pm 2^m \prod_i r_i$ where the $r_i$ are odd primes distinct from p and q. We will prove: (a) that (−1/p) = (−1/q), (b) that (2/p) = (2/q) if a is even, and (c) that $(r_i/p) = (r_i/q)$ for all i. The proposition will then follow directly from an application of the multiplicative property Proposition 3.2iii of the Legendre symbol.

By hypothesis p ≡ q (mod 4), and so (a) is a consequence of Proposition 3.3i. Similarly, if a is even, then p ≡ q (mod 8) and so (b) follows from Proposition 3.3ii.

Finally, the congruence $p \equiv q \pmod{r_i}$ implies that $(p/r_i) = (q/r_i)$. If p ≡ q ≡ 1 (mod 4), then by Proposition 3.4i we have $(r_i/p) = (p/r_i) = (q/r_i) = (r_i/q)$. If p ≡ q ≡ 3 (mod 4), then Proposition 3.4i shows that $(r_i/p) = (-1)^{(r_i-1)/2}(p/r_i) = (-1)^{(r_i-1)/2}(q/r_i) = (r_i/q)$. Thus (c) is proved. ∎
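The evaluation strategy of this section (reduce a mod p, factor, then apply Proposition 3.2iii, the supplement Proposition 3.3ii and the flip of Proposition 3.4i) can be checked mechanically against Euler's criterion, Proposition 3.2ii, and Proposition 3.5 can be observed by grouping primes by their class mod 4|a|. The Python below is an added example, not part of the book; all function names are assumptions, and p is assumed to be an odd prime (the code does not test primality of its argument).

```python
def euler_legendre(a, p):
    """(a/p) from Proposition 3.2ii: a^((p-1)/2) mod p is 1 or p-1."""
    r = pow(a % p, (p - 1) // 2, p)
    if r == 0:
        raise ValueError("p divides a, so (a/p) is not defined")
    return 1 if r == 1 else -1


def factor(n):
    """Trial-division factorisation of n >= 1, returned as {prime: exponent}."""
    out, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            out[d] = out.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        out[n] = out.get(n, 0) + 1
    return out


def legendre(a, p):
    """(a/p) for an odd prime p, using only Propositions 3.2iii, 3.3ii and 3.4i."""
    a %= p                                   # (a/p) depends only on a mod p
    if a == 0:
        raise ValueError("p divides a, so (a/p) is not defined")
    result = 1
    for q, e in factor(a).items():
        if e % 2 == 0:
            continue                         # an even power contributes (q/p)^2 = 1
        if q == 2:
            result *= 1 if p % 8 in (1, 7) else -1        # Proposition 3.3ii
        else:
            # Proposition 3.4i: flip the symbol; the sign is -1 only when
            # p and q are both congruent to 3 mod 4.
            flip = -1 if (p % 4 == 3 and q % 4 == 3) else 1
            result *= flip * legendre(p, q)  # q <= a < p, so the recursion terminates
    return result


def odd_primes(limit):
    """Odd primes below limit, by trial division."""
    return [n for n in range(3, limit)
            if all(n % d for d in range(2, int(n ** 0.5) + 1))]


def symbol_by_class(a, limit):
    """Map each class of p mod 4|a| to the set of values (a/p) seen for primes p < limit.

    Proposition 3.5 says every set in the result has exactly one element.
    """
    classes = {}
    for p in odd_primes(limit):
        if a % p:
            classes.setdefault(p % (4 * abs(a)), set()).add(legendre(a, p))
    return classes


if __name__ == "__main__":
    print("(211/317) =", legendre(211, 317))
    print("(3/p) by class of p mod 12:", symbol_by_class(3, 500))
```
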


Gauss's statement Proposition 3.4iii prompts the next definition and lemma, which will be used occasionally in subsequent sections.


Definition 3.6. We define m* for an odd integer m by the formula $m^* = (-1)^{(m-1)/2}\,m$.


Lemma 3.7
i. |m|* = m* for all odd integers m.
ii. $(\prod_i m_i)^* = \prod_i m_i^*$ for odd integers $m_i$.
iii. $(-1)^{(m-1)/2} = \operatorname{sign}(m \cdot m^*)$ for all odd integers m.
iv. $(-1)^{(m-1)/2}$ is multiplicative in odd integers m. In other words, $(-1)^{(m_1 m_2 - 1)/2} = (-1)^{(m_1-1)/2} \cdot (-1)^{(m_2-1)/2}$ for all pairs of odd integers $m_1$ and $m_2$.


Proof. Remark first that m* is the unique integer such that |m*| = |m| and m* ≡ 1 (mod 4). Parts i and ii are immediate consequences. To prove iii, note that m = m* if m ≡ 1 (mod 4) and that m = −m* if m ≡ 3 (mod 4). Part iv follows from ii and iii and the multiplicativity of the sign function. ∎

Exercises 


1. Let p be an odd prime and let y be a primitive root mod p. Prove that (y/p) = −1.


2. Let p be an odd prime number. Prove that the smallest positive quadratic nonresidue mod p is prime.


3. Show that for all primes p > 7 there is an integer n, 1 ≤ n ≤ 9, such that (n/p) = ((n + 1)/p) = 1. (Suggestion: Consider separately the three cases (2/p) = 1, (5/p) = 1, and (2/p) = (5/p) = −1.)


4. Complete the proof of Proposition 3.3ii by showing that (−2/p) = 1 for an odd prime p implies that p ≡ 1 or 3 (mod 8).


5. Let p ≠ 5 be an odd prime number such that (5/p) = 1. Show by induction on p that p ≡ ±1 (mod 5). (Sketch: Write a² = 5 + up, where 0 < a < p and a is even. If 5 ∤ u, show that u ≡ ±1 (mod 5) by applying the inductive hypothesis to all prime divisors of u. If 5 | u, show similarly that u/5 ≡ ±1 (mod 5).)


6. (Lagrange's proof that (5/p) = +1 for every odd prime p ≡ 4 (mod 5).) We say that two polynomials $f = \sum a_i X^i$ and $g = \sum b_i X^i$ in Z[X] are congruent mod n iff $a_i \equiv b_i \pmod n$ for all i. Let p be an odd prime number and let b ∈ Z be a quadratic nonresidue mod p.

i. Prove that

$$f = \frac{(X + \sqrt b)^{p+1} - (X - \sqrt b)^{p+1}}{\sqrt b} \in \mathbf{Z}[X].$$

Show that deg(f) = p and that $f \equiv 2(p + 1)(X^p - X) \pmod p$.

ii. Let e ∈ Z be a positive divisor of p + 1, and let

$$g = \frac{(X + \sqrt b)^{e} - (X - \sqrt b)^{e}}{\sqrt b}.$$

Show that g ∈ Z[X]. Prove that there exists h ∈ Z[X] such that f = gh. Conclude that if e > 1 there exists a ∈ Z such that g(a) ≡ 0 (mod p).

iii. Suppose that p ≡ 4 (mod 5). Let e = 5 in ii and verify that $g = 10X^4 + 20bX^2 + 2b^2$. Conclude that (5/p) = +1.


7. Evaluate (211/317).


8. Prove that the congruence X² ≡ 3 (mod p) has a solution for a prime p > 3 if and only if p ≡ ±1 (mod 12).


9. Find all odd primes p ≠ 5 such that (5/p) = 1.


10. For which primes p does X² ≡ 7 (mod p) have a solution? Same question for the congruence X² ≡ 13 (mod p).


11. Let f(X) = rX + s ∈ Q[X] be such that f(p) ∈ Z and $(-1/p) = (-1)^{f(p)}$ for all odd primes p. Show that f(X) = a(X − 1)/2 + b for some a, b ∈ Z with a odd and b even.


12. Prove directly that $(-1)^{(m-1)/2}$ is multiplicative in odd integers m.


13. Let f(X) = rX² + sX + t ∈ Q[X] be such that f(p) ∈ Z and $(2/p) = (-1)^{f(p)}$ for all odd primes p. Show that f(X) = a(X² − 1)/8 + bX + c, where a, b, c ∈ Z with a odd and b ≡ c (mod 2).


14. Show that 503 is a prime divisor of $2^{251} - 1$.


15. Let p ≡ ±1 (mod 8) be prime. Show that 2 is not a primitive root mod p.


16. Show that 2 is a primitive root mod 347.


17. Determine whether −2 is a primitive root mod 359.


18. Let p be an odd prime such that q = 2p + 1 is also prime. Prove that 2 is a primitive root mod q if p ≡ 1 (mod 4) and that −2 is a primitive root mod q if p ≡ 3 (mod 4).


19. Let p be a prime such that q = 2p + 1 is also prime and let a ∈ Z. Prove that a is a primitive root mod q if and only if a ≢ 0 or −1 (mod q) and (a/q) = −1.


20. Let p be a prime such that q = 4p + 1 is also prime. Prove that 2 is a primitive root mod q. Find the four smallest primes q to which this exercise applies.


21. For which primes p with q = 2p + 1 prime is 5 a primitive root mod q?


22. Show that 3 is a primitive root mod every prime of the form $2^n + 1$, n > 2.


23. Prove that there is an infinite number of primes of each of the two forms 8n + 3, 8n + 7. (Hint: Let P be a product of primes of the desired type. Consider prime divisors of P² + 2, 8P² − 1.)


24. Prove that there is an infinite number of primes of the form 5n − 1. Hence prove that there is an infinite number of primes with final digit 9.


25. Let p ≡ −1 (mod 8) be prime and let $x = 2^{(p+1)/4}$. Prove that x² ≡ 2 (mod p).


26. Let p be an odd prime and let a ∈ Z where p ∤ a and (a/p) = 1.

i. Suppose that p ≡ 3 (mod 4). Show that x² ≡ a (mod p), where $x = a^{(p+1)/4}$.

ii. Suppose that p ≡ 5 (mod 8). Prove that x² ≡ ±a (mod p) and y² ≡ −x² (mod p), where $x = a^{(p+3)/8}$ and $y = 2^{(p-1)/4}x$.


27. Let p ≡ 1 (mod 4) be prime and write p = a² + b², where a, b ∈ Z and a is odd. Prove that (a/p) = 1 and $(b/p) = (-1)^{(p-1)/4}$.


28. Let p ≠ 3 be an odd prime. Express (3/p) as a product of Legendre symbols (q/p) with primes q > 3.


29. Let a be a positive integer and let p and q be odd prime numbers not dividing a. Prove that if p ≡ −q (mod 4a), then (a/p) = (a/q).


30. Deduce the Law of Quadratic Reciprocity from Proposition 3.5 and the assertion of Exercise 29.


31. Let p be an odd prime. Let

$$RN = \left|\left\{ n \;\middle|\; 1 \le n \le p - 2,\ \left(\frac{n}{p}\right) = 1,\ \left(\frac{n+1}{p}\right) = -1 \right\}\right|.$$

Similarly let RR, NR, NN be the number of integers n such that 1 ≤ n ≤ p − 2 with values for (n/p) and ((n + 1)/p) specified by the mnemonic "R for quadratic Residue and N for quadratic Nonresidue mod p."

i. Show that

$$RR + RN = \begin{cases} (p-1)/2 - 1 & \text{if } p \equiv 1 \pmod 4 \\ (p-1)/2 & \text{if } p \equiv 3 \pmod 4. \end{cases}$$

Evaluate similarly NR + NN, RR + NR, and RN + NN.

ii. Show that RR + NN − RN − NR = −1. (Hint: Show that $\sum_{n=1}^{p-2} (n(n+1)/p) = \sum_{m=1}^{p-2} ((1+m)/p) = -1$.)

iii. Prove that

$$(RR, RN, NR, NN) = \begin{cases} (x-1,\ x,\ x,\ x) & \text{if } p = 4x + 1 \equiv 1 \pmod 4 \\ (x,\ x+1,\ x,\ x) & \text{if } p = 4x + 3 \equiv 3 \pmod 4. \end{cases}$$

4. The First Proof 


Gauss completed his first proof of the Law of Quadratic Reciprocity when he 
was 19 years old. The proof is an induction. We begin our presentation of that 
proof with a lemma that is crucial at the inductive step. The proof of the 
lemma is the most amazing proof in this book. Gauss could be extraordinarily 
clever. 


Lemma 4.1. Let q be a prime congruent to 1 mod 4. Then there exists an odd prime p < q such that (q/p) = −1.


Proof. This is easy if q ≡ 5 (mod 8). Then (q + 1)/2 ≡ 3 (mod 4), so there is a prime divisor p of (q + 1)/2 that is congruent to 3 mod 4. Clearly p < q. Since q ≡ −1 (mod p) we can compute, using Proposition 3.3i, that (q/p) = (−1/p) = −1.

Suppose that q ≡ 1 (mod 8). Suppose that m ∈ Z is such that 1 < 2m + 1 < q and (q/p) = +1 for all odd primes p ≤ 2m + 1. By Theorem 2.6, there exists x > m such that x² ≡ q (mod (2m + 1)!). We compute

$$(q - 1^2)(q - 2^2)\cdots(q - m^2) \equiv (x^2 - 1^2)(x^2 - 2^2)\cdots(x^2 - m^2) = (2m+1)!\binom{x+m}{2m+1}\frac{1}{x} \pmod{(2m+1)!}.$$

Since the binomial coefficient is an integer and GCD(x, (2m + 1)!) = 1, we can conclude by Lemma 3.6 of Chapter 1 that

$$\frac{(q - 1^2)(q - 2^2)\cdots(q - m^2)}{(2m+1)!} = \frac{1}{m+1}\cdot\frac{q - 1^2}{(m+1)^2 - 1^2}\cdots\frac{q - m^2}{(m+1)^2 - m^2} \in \mathbf{Z}.$$

This is impossible if m² < q < (m + 1)², because then every factor in the last product is a fraction between 0 and 1. This remark applies to m = [√q]. Since 2[√q] + 1 < q, there must exist an odd prime p ≤ 2[√q] + 1 such that (q/p) = −1. ∎

Proof of Proposition 1.2, The Law of Quadratic Reciprocity. We will prove Proposition 3.4iii: (p*/q) = (q/p) for all pairs of distinct odd primes p, q. By Proposition 3.3i the roles of p and q are symmetric, so we assume that p < q. The proof will be by induction on q, the maximum of the two primes. The induction begins with the trivial case (3*/5) = (5/3) = −1.

Let q > 5 and suppose that (a*/b) = (b/a) for all pairs of distinct odd primes a and b both less than q. Let p < q. We divide the analysis into three cases.


Case 1. (p*/q) = 1. We are to prove that (q/p) = 1.

Choose integers u and a, 0 < a < q, such that a² = p* + uq. Replacing a by q − a if necessary, we take a to be even. Then u is odd and the inequality −q < a² − p* ≤ (q − 1)² + p < q² − q shows that 1 ≤ u < q.

If p ∤ u, then p ∤ a. The congruence a² ≡ uq (mod p) implies that (q/p) = (u/p). We must show that (u/p) = 1. Write $u = \prod_i p_i$ where the $p_i$ are (not necessarily distinct) odd primes less than q and different from p. Since $a^2 \equiv p^* \pmod{p_i}$, we find that $(p^*/p_i) = 1$. By the induction hypothesis, $(p_i/p) = 1$. Thus $(u/p) = \prod_i (p_i/p) = 1$.

If p | u, then p | a. Let A = a/p and U = u/p. We then have $pA^2 = (-1)^{(p-1)/2} + Uq$, where p ∤ U. We can proceed much as in the previous paragraph. The congruence $(-1)^{(p+1)/2} \equiv Uq \pmod p$ shows that $(Uq/p) = (-1)^{\frac{p-1}{2}\cdot\frac{p+1}{2}} = 1$ and hence that (q/p) = (U/p). We evaluate (U/p). Write $U = \prod_i p_i$, with $p_i$ prime. The congruence $p^*A^2 \equiv 1 \pmod{p_i}$ shows that $(p^*/p_i) = 1$. The induction hypothesis applies to show that $(p_i/p) = 1$. Therefore, $(U/p) = \prod_i (p_i/p) = 1$, as desired.


Case 2. q ≡ 3 (mod 4) and (p*/q) = −1. We are to prove that (q/p) = −1.

The hypotheses imply that (−p*/q) = 1. Let u and a be integers with a even and 0 < a < q such that a² = −p* + uq. Then, as in Case 1, u is odd and 1 ≤ u < q.

If p ∤ u, then p ∤ a and (q/p) = (u/p). We must show that (u/p) = −1. Write $u = \prod_i p_i$ where the $p_i$ are prime. Then $(-p^*/p_i) = 1$, which yields $(p^*/p_i) = (-1)^{(p_i-1)/2}$. The induction hypothesis implies that $(p_i/p) = (p^*/p_i)$. Hence $(u/p) = \prod_i (p_i/p) = (-1)^{(u-1)/2}$, where we have used Lemma 3.7iv. Since u ≡ −1 (mod 4), we can conclude that (u/p) = −1.

If p | u, then p | a. Let A = a/p and U = u/p. We then have $pA^2 = (-1)^{(p+1)/2} + Uq$, where p ∤ U. Since $(Uq/p) = ((-1)^{(p-1)/2}/p) = (-1)^{(p-1)/2}$, we find that we are to show that $(U/p) = (-1)^{(p+1)/2}$. Write $U = \prod_i p_i$, with $p_i$ prime. Applying the induction hypothesis, we compute $(p_i/p) = (p^*/p_i) = (-1/p_i) = (-1)^{(p_i-1)/2}$. Thus $(U/p) = \prod_i (p_i/p) = (-1)^{(U-1)/2}$. Noting that U ≡ −p (mod 4), we conclude that $(U/p) = (-1)^{(p+1)/2}$ as desired.

Case 3. q ≡ 1 (mod 4) and (p*/q) = −1. We are to prove that (q/p) = −1.

We must work a little to push Case 3 into a form similar to that of the first two cases.

By Lemma 4.1 there exists an odd prime p′ less than q such that (q/p′) = −1. If p = p′ we are done, so assume that p ≠ p′. If (p′/q) = 1, then by Case 1 we would have (q/p′) = 1, a contradiction. Therefore (p′/q) = −1. We are to prove that (q/p)(q/p′) = 1. Suppose more generally that p and p′ are any two distinct odd primes less than q such that (pp′/q) = 1. We will show that (q/p)(q/p′) = 1.

Since (pp′/q) = 1, we can find an integer u and an even integer a, 0 < a < q, such that a² = pp′ + uq. Then u is odd and 1 ≤ |u| < q. There are three cases to be considered.

If p ∤ u and p′ ∤ u, then GCD(a, pp′) = 1. The congruence a² ≡ uq (mod pp′) shows that (q/p) = (u/p) and (q/p′) = (u/p′), so we must prove that (u/p)(u/p′) = 1. Write $|u| = \prod_i p_i$ with $p_i$ prime. The equation $(pp'/p_i) = 1$ becomes, on application of the induction hypothesis to $(p/p_i)$ and $(p'/p_i)$, the equation $(p_i^*/p)(p_i^*/p') = 1$. Thus

$$1 = \prod_i (p_i^*/p)(p_i^*/p') = (|u|^*/p)(|u|^*/p') = (u^*/p)(u^*/p') = (-1)^{\frac{u-1}{2}\cdot\frac{pp'-1}{2}}\,(u/p)(u/p'),$$

where we have used Lemma 3.7ii, i, and iv. Since u ≡ −pp′ (mod 4), we conclude that (u/p)(u/p′) = 1.

If p | u and p′ ∤ u, then p | a. Let A = a/p and U = u/p. Then pA² = p′ + Uq and GCD(pp′, U) = 1. Clearly (Uq/p) = (−p′/p) and (Uq/p′) = (p/p′). The induction hypothesis applies to (p′/p) and (p/p′), so our goal is to show that

$$(U/p)(U/p') = (-p'/p)(p/p') = (-1)^{\frac{p-1}{2} + \frac{p-1}{2}\cdot\frac{p'-1}{2}} = (-1)^{\frac{p-1}{2}\cdot\frac{p'+1}{2}}.$$

Write $|U| = \prod_i p_i$, with $p_i$ prime. Since $pA^2 \equiv p' \pmod{p_i}$, we have $(p/p_i)(p'/p_i) = 1$. Another application of the induction hypothesis yields

$$1 = \prod_i (p_i^*/p)(p_i^*/p') = (U^*/p)(U^*/p') = (-1)^{\frac{U-1}{2}\cdot\frac{pp'-1}{2}}\,(U/p)(U/p').$$

Since U ≡ −p′ (mod 4), we have

$$(U/p)(U/p') = (-1)^{\frac{U-1}{2}\cdot\frac{pp'-1}{2}} = (-1)^{\frac{p'+1}{2}\cdot\frac{pp'-1}{2}} = (-1)^{\frac{p-1}{2}\cdot\frac{p'+1}{2}}$$

as required.

Finally, if pp′ | u, then pp′ | a. Let A = a/pp′ and U = u/pp′. We then have pp′A² = 1 + Uq, where GCD(pp′, U) = 1. Since $(Uq/p)(Uq/p') = (-1/p)(-1/p') = (-1)^{(pp'-1)/2}$, we must prove that $(U/p)(U/p') = (-1)^{(pp'-1)/2}$. Let $|U| = \prod_i p_i$ with $p_i$ prime. Using the induction hypothesis we have $1 = (pp'/p_i) = (p_i^*/p)(p_i^*/p')$. Multiplying over i we get

$$1 = (U^*/p)(U^*/p') = (-1)^{\frac{U-1}{2}\cdot\frac{pp'-1}{2}}\,(U/p)(U/p') = (-1)^{(pp'-1)/2}\,(U/p)(U/p'),$$

where the last equality holds because U ≡ −1 (mod 4).

The first proof of quadratic reciprocity is now complete. ∎


5. The Gauss Lemma 


Gauss found a simple combinatorial evaluation of the Legendre symbol, now 
known as the Gauss Lemma, that was the basis of his third proof of quadratic 
reciprocity. 


Lemma 5.1. Gauss's Lemma. Let p be an odd prime number and let a ∈ Z with p ∤ a. Let


Let Y = (a, 2a, ..., ((p − 1)/2)a). Let N equal the number of elements of the sequence Y that are congruent mod p to some integer of the second row of the matrix X.


Then $(a/p) = (-1)^N$.


Proof. First observe that the elements of the matrix X form a complete set of representatives for the nonzero congruence classes mod p. Indeed, let j, k be elements of X. Then |j − k| ≤ p − 1, which shows that distinct elements of X cannot be congruent mod p. Since there are only p − 1 nonzero congruence classes mod p, the p − 1 elements of X must exhaust them.

Therefore, every element of Y is congruent mod p to exactly one element of X. For j = 1, 2, ..., (p − 1)/2, we can hence define $\varepsilon_j \in \{\pm 1\}$ and σ(j) ∈ {1, 2, ..., (p − 1)/2} by the condition $ja \equiv \varepsilon_j\,\sigma(j) \pmod p$.

Next note that σ is a permutation of the set of integers from 1 to (p − 1)/2. It will suffice to prove that σ is injective, which just means that distinct elements of Y are congruent mod p to elements of X from distinct columns of X. If ja, ka in Y are congruent to elements from X lying in the same column, then either ja ≡ ka or ja ≡ −ka (mod p). Thus (j + k)a ≡ 0 (mod p) or (j − k)a ≡ 0 (mod p), from which it follows that p | j + k or p | j − k. But 0 < j + k < p and |j − k| < p − 1, so we must have j = k. The elements ja, ka are not distinct, which proves what we wanted.

We can summarize what we have proved so far by saying that there is exactly one element in each column of X that is congruent mod p to an element of Y.

Since σ is a permutation, we have $\prod_{j=1}^{(p-1)/2} \sigma(j) = ((p-1)/2)!$.

The number N of the lemma is precisely the number of j = 1, 2, ..., (p − 1)/2 such that $\varepsilon_j = -1$. Thus $\prod_{j=1}^{(p-1)/2} \varepsilon_j = (-1)^N$.

Finally we can calculate

$$a^{(p-1)/2}\left(\frac{p-1}{2}\right)! = \prod_{j=1}^{(p-1)/2} ja \equiv \prod_{j=1}^{(p-1)/2} \varepsilon_j\,\sigma(j) = (-1)^N\left(\frac{p-1}{2}\right)! \pmod p.$$

Because ((p − 1)/2)! is relatively prime to p, it can be cancelled from the congruence, so we have $a^{(p-1)/2} \equiv (-1)^N \pmod p$. By Proposition 3.2ii we can conclude that $(a/p) \equiv (-1)^N \pmod p$, and the Gauss Lemma is proved. ∎


As a first application of the Gauss Lemma we present a second proof of the 
Supplement to the Law of Quadratic Reciprocity. 


Proof of Proposition 3.3. i. $(-1/p) = (-1)^N$, where the N of the Gauss Lemma is trivially seen to equal (p − 1)/2.

ii. To compute (2/p) by the Gauss Lemma, we must count the number N of j ∈ {1, 2, ..., (p − 1)/2} such that (p + 1)/2 ≤ 2j ≤ p − 1. Clearly N equals the number of integers j such that (p + 1)/4 ≤ j ≤ (p − 1)/2.

If p = 4x + 1 ≡ 1 (mod 4), then (p + 1)/4 = x + 1/2, (p − 1)/2 = 2x, and so N = x. Thus

$$\left(\frac{2}{p}\right) = (-1)^x = \begin{cases} 1 & \text{if } x \text{ is even, i.e., } p \equiv 1 \pmod 8 \\ -1 & \text{if } x \text{ is odd, i.e., } p \equiv 5 \pmod 8. \end{cases}$$

Similarly, if p = 4x + 3 ≡ 3 (mod 4), then N = x + 1. Hence

$$\left(\frac{2}{p}\right) = (-1)^{x+1} = \begin{cases} -1 & \text{if } x \text{ is even, i.e., } p \equiv 3 \pmod 8 \\ 1 & \text{if } x \text{ is odd, i.e., } p \equiv 7 \pmod 8. \end{cases}$$

∎


We now give a second proof of the Law of Quadratic Reciprocity. 


Proof of Proposition 1.2. Let p and q be distinct odd primes. We will prove the law in the formulation of Proposition 3.4ii: $(q/p)(p/q) = (-1)^{\frac{p-1}{2}\cdot\frac{q-1}{2}}$.

During the proof we will work with the set W = {(x, y) ∈ Z² | 0 < x < (p + 1)/2 and 0 < y < (q + 1)/2}. W has (p − 1)/2 · (q − 1)/2 elements since x ∈ {1, 2, ..., (p − 1)/2} and y ∈ {1, 2, ..., (q − 1)/2}.

To compute (q/p) by the Gauss Lemma, we must count the number of x ∈ {1, 2, ..., (p − 1)/2} such that there exists (necessarily unique) j ∈ {1, 2, ..., (p − 1)/2} with qx ≡ −j (mod p). This congruence can be written as an equality qx = −j + py, where y ∈ Z, and then

$$0 < y = \frac{qx + j}{p} \le \frac{1}{p}\left(q\cdot\frac{p-1}{2} + \frac{p-1}{2}\right) < \frac{q+1}{2}.$$

The Gauss Lemma thus asserts that $(q/p) = (-1)^{|M|}$, where M = {(x, y) ∈ W | 0 < py − qx < (p + 1)/2}.

Interchanging p and q and x and y we find similarly that $(p/q) = (-1)^{|N|}$, where N = {(x, y) ∈ W | −(q + 1)/2 < py − qx < 0}.

Two more sets R and S next enter the picture: R = {(x, y) ∈ W | py − qx ≥ (p + 1)/2} and S = {(x, y) ∈ W | py − qx ≤ −(q + 1)/2}.

The four subsets M, N, R, S of W are clearly pairwise disjoint, and their union is all of W because there can be no integral solutions of the equation py − qx = 0 such that 0 < x < (p + 1)/2 < p. Therefore

$$(-1)^{\frac{p-1}{2}\cdot\frac{q-1}{2}} = (-1)^{|W|} = (-1)^{|M| + |N| + |R| + |S|} = \left(\frac{q}{p}\right)\left(\frac{p}{q}\right)(-1)^{|R| + |S|}.$$

To complete the proof of quadratic reciprocity it remains only to show that |R| + |S| is even. We will in fact prove that |R| = |S|.

Define φ: W → W by the formula

$$\varphi(x, y) = ((p + 1)/2 - x,\ (q + 1)/2 - y).$$

Clearly φ is a bijection on W. Writing φ(x, y) = (x′, y′), one computes that py′ − qx′ + (q + 1)/2 = qx − py + (p + 1)/2, from which it is readily seen that (x, y) ∈ R if and only if (x′, y′) ∈ S. Thus φ is a bijection from R to S. ∎
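Both the Gauss Lemma and the lattice-point argument of the second proof are finite counts, so every step can be checked for concrete primes. The Python below is an added example, not part of the book; the function names and the sample prime list are assumptions. Because the matrix X is not legible in this copy, the code assumes its second row is −1, −2, ..., −(p − 1)/2, so a multiple ja is counted in N when its least positive residue mod p exceeds (p − 1)/2.

```python
SAMPLE_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]   # constructed test input


def euler(a, p):
    """(a/p) by Proposition 3.2ii, used here only as an independent check."""
    return 1 if pow(a % p, (p - 1) // 2, p) == 1 else -1


def gauss_N(a, p):
    """N of Lemma 5.1 for the sequence Y = (a, 2a, ..., ((p-1)/2)a).

    Assumption: the second row of X is -1, ..., -(p-1)/2, so ja is counted
    when its least positive residue mod p is larger than (p-1)/2.
    """
    half = (p - 1) // 2
    return sum(1 for j in range(1, half + 1) if (j * a) % p > half)


def lattice_counts(p, q):
    """Sizes (|M|, |N|, |R|, |S|) of the four subsets of W in the second proof."""
    M = N = R = S = 0
    for x in range(1, (p - 1) // 2 + 1):
        for y in range(1, (q - 1) // 2 + 1):
            d = p * y - q * x              # never 0: 0 < x < p and p does not divide q
            if 0 < d < (p + 1) // 2:
                M += 1
            elif -((q + 1) // 2) < d < 0:
                N += 1
            elif d >= (p + 1) // 2:
                R += 1
            else:                          # d <= -(q+1)/2
                S += 1
    return M, N, R, S


def check_pair(p, q):
    """Verify each step of the lattice-point proof for one pair of distinct odd primes."""
    M, N, R, S = lattice_counts(p, q)
    exponent = ((p - 1) // 2) * ((q - 1) // 2)
    return (M + N + R + S == exponent          # the four sets partition W
            and M == gauss_N(q, p)             # |M| is the Gauss count for (q/p)
            and N == gauss_N(p, q)             # |N| is the Gauss count for (p/q)
            and R == S                         # phi is a bijection from R to S
            and (-1) ** M == euler(q, p)
            and (-1) ** N == euler(p, q)
            and (-1) ** (M + N) == (-1) ** exponent)


if __name__ == "__main__":
    for p, q in [(3, 5), (7, 11), (13, 17), (19, 31)]:
        print(p, q, lattice_counts(p, q), check_pair(p, q))
```
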


Exercises 


1. Evaluate (3/p) for primes p > 3 by direct application of the Gauss Lemma.


2. Deduce Proposition 3.5 directly from the Gauss Lemma. (Suggestion: Begin with the case a > 0. Let p = 4ak + r. Show that $(a/p) = (-1)^N$ where N, the number of multiples of a in all the open intervals ((n − 1/2)p, np) for n = 1, 2, ..., [a/2], has the same parity as the total number of integers in all the intervals ((n − 1/2)r/a, nr/a) for n = 1, 2, ..., [a/2].)


6. Gauss Sums 


Gauss’s fourth proof of quadratic reciprocity rests on the evaluation of an 
important finite sum that now bears his name. 


Definition 6.1. For odd positive integers n, set $S(n) = \sum_{k=0}^{n-1} e^{2\pi i k^2/n}$.

After years and great effort, Gauss was able to prove:

Theorem 6.2

$$S(n) = \begin{cases} \sqrt n & \text{if } n \equiv 1 \pmod 4 \\ i\sqrt n & \text{if } n \equiv 3 \pmod 4. \end{cases}$$

We begin by isolating a useful lemma.


Lemma 6.3. Let a, n be nonzero integers such that n ∤ a. Then $\sum_{k=0}^{n-1} e^{2\pi i a k/n} = 0$.


Proof. This results from $\sum_{k=0}^{n-1} X^k = (X^n - 1)/(X - 1)$ applied to $X = e^{2\pi i a/n} \ne 1$. ∎

Proof of Proposition 1.2 from Theorem 6.2. Let p, q be distinct odd primes. Quadratic reciprocity follows immediately from Theorem 6.2 and the computation S(pq) = (p/q)(q/p)S(p)S(q), which we now verify.

First derive an alternative expression for S(p).


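$$S(p) = 1 + \sum_{k=1}^{p-1} e^{2\pi i k^2/p} = 1 + \sum_{r=1}^{p-1}\left(1 + \left(\frac{r}{p}\right)\right)e^{2\pi i r/p} = \sum_{r=1}^{p-1}\left(\frac{r}{p}\right)e^{2\pi i r/p} \qquad (6.4)$$

To see the second equality, note that the sequence 1², 2², ..., (p − 1)² contains each quadratic residue of p twice and contains no quadratic nonresidues. The third equality follows from Lemma 6.3.

Finally, we compute.

$$S(pq) = \sum_{k=0}^{p-1}\sum_{l=0}^{q-1} e^{2\pi i (kq + lp)^2/pq} \qquad \text{(by Proposition 2.3)}$$

$$= \left[\sum_{k=0}^{p-1} e^{2\pi i q k^2/p}\right]\left[\sum_{l=0}^{q-1} e^{2\pi i p l^2/q}\right]$$

$$= \left[1 + 2\sum_{\substack{r=1 \\ (r/p) = (q/p)}}^{p-1} e^{2\pi i r/p}\right]\left[1 + 2\sum_{\substack{s=1 \\ (s/q) = (p/q)}}^{q-1} e^{2\pi i s/q}\right]$$

$$= \left[\sum_{r=1}^{p-1}\left(\frac{q}{p}\right)\left(\frac{r}{p}\right)e^{2\pi i r/p}\right]\left[\sum_{s=1}^{q-1}\left(\frac{p}{q}\right)\left(\frac{s}{q}\right)e^{2\pi i s/q}\right]$$

$$= \left(\frac{q}{p}\right)\left(\frac{p}{q}\right)S(p)S(q) \qquad \text{(by (6.4)).}$$

∎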

There are many ways to evaluate S(n) now known, both analytic and algebraic. We shall present a twentieth century proof discovered by Schur that is based on the finite Fourier transform.

For the rest of this section we fix once for all a positive odd integer n.

Let C(Z/n) be the set of all complex valued functions f: Z/n → C. Thus C(Z/n) is an n-dimensional complex vector space.

Let $\omega = e^{2\pi i/n}$, so that $S(n) = \sum_{k=0}^{n-1} \omega^{k^2}$.

Definition 6.5. The Fourier transform F on Z/n is the linear map F: C(Z/n) → C(Z/n) defined by

$$Ff(a) = \frac{1}{\sqrt n}\sum_{k=0}^{n-1} f(k)\,\omega^{ka} \quad \text{for } f \in C(\mathbf{Z}/n),\ a \in \mathbf{Z}/n.$$

The evaluation Theorem 6.2 of S(n) is an immediate consequence of Schur's theorem, which follows.


Theorem 6.6. Schur. i. Trace(F) = (1/√n) S(n).
ii. The eigenvalues of F are 1, i, −1, −i. The multiplicities of the eigenvalues (in the preceding order) are

x + 1, x, x, x if n = 4x + 1 ≡ 1 (mod 4)
x, x, x, x − 1 if n = 4x − 1 ≡ 3 (mod 4).

Proof. i. We compute the trace of F by representing F as a matrix. To this end, for b ∈ Z/n let $\delta_b$ ∈ C(Z/n) be the characteristic function on {b}; that is, let $\delta_b(a) = 1$ if a = b, $\delta_b(a) = 0$ if a ≠ b. The set B = {$\delta_b$ | b ∈ Z/n} is a basis for C(Z/n).

Since

$$F\delta_b(a) = \frac{1}{\sqrt n}\sum_{k=0}^{n-1} \delta_b(k)\,\omega^{ka} = \frac{1}{\sqrt n}\,\omega^{ab},$$

we have

$$F\delta_b = \frac{1}{\sqrt n}\sum_{a \in \mathbf{Z}/n} \omega^{ab}\,\delta_a.$$

Therefore, the matrix of F with respect to the basis B is $\frac{1}{\sqrt n}(\omega^{ab})_{a,b \in \mathbf{Z}/n}$. Thus

$$\operatorname{tr}(F) = \frac{1}{\sqrt n}\sum_{a=0}^{n-1} \omega^{a^2} = \frac{1}{\sqrt n}\,S(n).$$

ii. Begin with the computation F²f(a) = f(−a) for all f ∈ C(Z/n), a ∈ Z/n. Indeed,

$$F^2f(a) = \frac{1}{n}\sum_{k \in \mathbf{Z}/n}\Big(\sum_{j \in \mathbf{Z}/n} f(j)\,\omega^{jk}\Big)\omega^{ka} = \frac{1}{n}\sum_{j \in \mathbf{Z}/n} f(j)\Big(\sum_{k \in \mathbf{Z}/n} \omega^{(j+a)k}\Big).$$

The inner sum is 0 by Lemma 6.3 unless j ≡ −a (mod n), in which case it equals n. The result follows.

We make two deductions:

First, since F⁴ = (F²)² is the identity map on C(Z/n), the eigenvalues of F must all be fourth roots of 1. Let the multiplicities of the eigenvalues 1, i, −1, −i of F be $m_0, m_1, m_2, m_3$. ($m_j$ is the multiplicity of $i^j$.) Because F has n eigenvalues,

$$m_0 + m_1 + m_2 + m_3 = n. \qquad (*)$$

Second, since $F^2\delta_b = \delta_{-b}$ and $\delta_b \ne \delta_{-b}$ for b ≠ 0 ∈ Z/n (n is odd), we have that tr(F²) = 1, which can be written

$$m_0 - m_1 + m_2 - m_3 = 1. \qquad (**)$$

Combining (*) and (**) we find

$$2(m_0 + m_2) = n + 1, \qquad 2(m_1 + m_3) = n - 1. \qquad (***)$$

Next we show that |S(n)| = √n. Indeed,

$$S\bar S = \sum_{j=0}^{n-1}\sum_{k=0}^{n-1} \omega^{(j+k)^2 - k^2} = \sum_{j=0}^{n-1} \omega^{j^2}\Big(\sum_{k=0}^{n-1} \omega^{2jk}\Big).$$

The last inner sum equals n if n | 2j, which can only happen when j = 0 (because n is odd). Otherwise, by Lemma 6.3, the inner sum equals 0. Thus $|S(n)|^2 = S\bar S = n$. From Theorem 6.6i we deduce the relation $(m_0 - m_2)^2 + (m_1 - m_3)^2 = 1$.

There are two cases to be considered. If $m_1 = m_3 = x$ and $m_0 - m_2 = \pm 1$, then n − 1 = 4x by (***) and so n ≡ 1 (mod 4). If $m_0 = m_2 = x$ and $m_1 - m_3 = \pm 1$, then similarly n + 1 = 4x and thus n ≡ 3 (mod 4). Summarizing what we have proved so far, we can write

$m_0 - m_2 = \pm 1$, $m_1 = m_3 = x$ if n = 4x + 1 ≡ 1 (mod 4)

$m_0 = m_2 = x$, $m_1 - m_3 = \pm 1$ if n = 4x − 1 ≡ 3 (mod 4).

It remains but to settle a question of sign. We must show that in the two cases we have $m_0 - m_2 = 1$, $m_1 - m_3 = 1$. This will be done by computing the determinant of F in two ways.

To begin with, the determinant may be calculated as the product of the eigenvalues of F. Thus

$$\det(F) = i^{\,m_1 - m_3 - 2m_2} = i^{\,(m_1 - m_3) + (m_0 - m_2) - (1 + n)/2} \qquad \text{(by (***))}$$

$$= \begin{cases} (m_0 - m_2)\,i^{(1-n)/2} & \text{if } n \equiv 1 \pmod 4 \\ (m_1 - m_3)\,i^{(1-n)/2} & \text{if } n \equiv 3 \pmod 4. \end{cases} \qquad (6.7)$$

On the other hand, we showed in the proof of Theorem 6.6i that the matrix of F with respect to a suitable basis is essentially a Vandermonde matrix, so its determinant may be computed directly:

$$\det(F) = \left(\frac{1}{\sqrt n}\right)^{n}\prod_{0 \le a < b \le n-1} (\omega^b - \omega^a)$$

$$= n^{-n/2}\prod_{a<b} e^{\pi i (a+b)/n}\left(e^{\pi i (b-a)/n} - e^{-\pi i (b-a)/n}\right)$$

$$= n^{-n/2}\, e^{(\pi i/n)\sum_{a<b}(a+b)} \prod_{a<b}\left[2i\sin\frac{(b-a)\pi}{n}\right].$$

This last expression simplifies. Consider the set X = {(a, b) | 0 ≤ a < b ≤ n − 1}. For j = 0, 1, ..., n − 1 there are exactly n − 1 elements (a, b) ∈ X with a = j or b = j. Thus

$$\sum_{0 \le a < b \le n-1} (a + b) = (n-1)\sum_{j=0}^{n-1} j \equiv 0 \pmod{2n}.$$

Hence

$$\det(F) = n^{-n/2}\prod_{a<b}\left[2i\sin\frac{(b-a)\pi}{n}\right] = K\,i^{\,n(n-1)/2} \qquad (6.8)$$

where K is a positive real number because every sine in the product is positive.

Finally, comparison of the two expressions (6.7) and (6.8) for the determinant of F proves that $m_0 - m_2 = +1$ if n ≡ 1 (mod 4) and that $m_1 - m_3 = +1$ if n ≡ 3 (mod 4). The proof of Schur's theorem is complete. ∎
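Theorem 6.2, the multiplicities of Theorem 6.6ii and the product formula S(pq) = (p/q)(q/p)S(p)S(q) can all be confirmed numerically for small odd n. The Python below is an added example, not part of the book; the function names are assumptions. It recovers the multiplicities from the traces of F⁰, F¹, F², F³ (a numerical shortcut that relies on F⁴ = 1), not from the determinant argument used in the proof.

```python
import cmath
import math


def gauss_sum(n):
    """S(n) = sum_{k=0}^{n-1} exp(2*pi*i*k^2/n) of Definition 6.1."""
    return sum(cmath.exp(2j * math.pi * (k * k % n) / n) for k in range(n))


def theorem_6_2(n):
    """Value of S(n) stated in Theorem 6.2 for odd positive n."""
    return math.sqrt(n) if n % 4 == 1 else 1j * math.sqrt(n)


def fourier_matrix(n):
    """Matrix of F in the basis of characteristic functions: entries w^(ab)/sqrt(n)."""
    root = 1 / math.sqrt(n)
    return [[root * cmath.exp(2j * math.pi * (a * b % n) / n) for b in range(n)]
            for a in range(n)]


def matmul(A, B):
    n = len(A)
    return [[sum(A[i][k] * B[k][j] for k in range(n)) for j in range(n)]
            for i in range(n)]


def trace(A):
    return sum(A[i][i] for i in range(len(A)))


def multiplicities(n):
    """Multiplicities (m0, m1, m2, m3) of the eigenvalues 1, i, -1, -i of F.

    Since F^4 = 1, tr(F^k) = sum_j m_j i^(jk) for k = 0..3; inverting this
    four-point relation gives m_j = (1/4) sum_k i^(-jk) tr(F^k).
    """
    F = fourier_matrix(n)
    F2 = matmul(F, F)
    traces = [n, trace(F), trace(F2), trace(matmul(F2, F))]
    return tuple(
        round((sum((1j) ** (-j * k) * traces[k] for k in range(4)) / 4).real)
        for j in range(4)
    )


def schur_prediction(n):
    """Multiplicities stated in Theorem 6.6ii."""
    if n % 4 == 1:
        x = (n - 1) // 4
        return (x + 1, x, x, x)
    x = (n + 1) // 4
    return (x, x, x, x - 1)


def reciprocity_sign(p, q):
    """(p/q)(q/p), read off from S(pq) = (p/q)(q/p) S(p) S(q)."""
    return round((gauss_sum(p * q) / (gauss_sum(p) * gauss_sum(q))).real)


if __name__ == "__main__":
    for n in (3, 5, 7, 9, 15):
        print(n, gauss_sum(n), multiplicities(n), schur_prediction(n))
```
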




Exercises 


1. Let n be a positive odd integer.

i. Show that Ff is an even function of Z/n if f is even and that Ff is odd if f is odd. Determine the dimensions of the spaces $V^+$ of even functions and $V^-$ of odd functions in C(Z/n).

ii. Deduce relation (***) by consideration of the eigenvalues of F when restricted to each of the spaces $V^+$ and $V^-$.


2. Let 
1 1 1 1 
2 n—l 
1 yank «@=12 x -Yr-b 


where n is a positive integer. Prove that det T= [1p -,<,<n-1(X" — X%). 


3. Show that the linear transformation F is diagonalizable for all odd integers n > 0.


4. Let G be a finite abelian group. A character of G is a homomorphism χ: G → $\mathbf{C}^\times$. Let C(G) be the space of all complex valued functions on G and let $\hat G$ be the set of characters of G.

Show that $\hat G$ is a finite abelian group under ordinary multiplication of functions. Note that $\chi^{-1} = \bar\chi$ for every χ ∈ $\hat G$, where $\bar\chi$ denotes the function complex conjugate to χ.

Define an inner product (·,·) on C(G) by the formula $(f, g) = \sum_{x \in G} f(x)\overline{g(x)}$. Show that for χ, χ′ ∈ $\hat G$, we have

$$(\chi, \chi') = \begin{cases} 0 & \text{if } \chi \ne \chi' \\ |G| & \text{if } \chi = \chi'. \end{cases}$$

Conclude that the set $\hat G$ is linearly independent.

Suppose that G is cyclic of order n. Show that there are exactly n characters of G. Conclude that $\hat G$ is a vector space basis of C(G).

Prove that $\widehat{H \times K} = \hat H \times \hat K$ for every pair of finite abelian groups H and K. Using the structure theorem for finite abelian groups, prove that $\hat G$ is a basis of C(G) for every finite abelian group G.


5. Let p be an odd prime number, let G = $U_p$ ⊂ Z/p, and let $\omega = e^{2\pi i/p}$. We will identify $\hat G$ with a subset of C(Z/p) by "extension by zero," i.e., by defining χ(0) = 0 for all χ ∈ $\hat G$.

i. Let χ ≠ 1 ∈ $\hat G$ and define $g(\chi) = \sum_{a=1}^{p-1} \chi(a)\,\omega^a$. Show that $F\chi = (g(\chi)/\sqrt p)\,\bar\chi$, that F(Fχ) = χ(−1)χ, and that $g(\chi)g(\bar\chi) = \chi(-1)p$.

ii. Let $\chi_1 \in \hat G$ be the identity character and let $\chi_2 \in \hat G$ be the Legendre symbol, $\chi_2(a) = (a/p)$ for a ∈ G. Show that $\chi_1$ and $\chi_2$ are the only real-valued characters of G.

iii. Order the basis $\hat G \cup \{\delta_0\}$ of C(Z/p) as follows: first $\delta_0$, then $\chi_1$, then $\chi_2$, then the rest of the elements $\chi, \bar\chi, \chi', \bar\chi', \ldots$ of $\hat G$ arranged in pairs of complex conjugate characters. Prove that the matrix of F with respect to the preceding ordered basis is the diagonal block matrix


1 


p= sean (1? 1). 


6x) AP hate P )-} 


iv. Compute $\det(F)$ from the matrix expression of iii. Compare with (6.8)
to evaluate $g(\chi_2) = S(p)$.


v. Determine the eigenvectors of $F$ in $C(\mathbf{Z}/p)$.


7. The Ring $\mathbf{Z}[e^{2\pi i/n}]$


The computations of Gauss’s sixth proof of quadratic reciprocity take place
within a natural generalization of the ring $\mathbf{Z}[i]$ of Gaussian integers.


Definition 7.1. For every positive integer $n$ define the cyclotomic ring
$\mathbf{Z}[e^{2\pi i/n}] = \{\sum_{k=0}^{n-1} m_k e^{2\pi i k/n} \mid m_k \in \mathbf{Z}\} \subset \mathbf{C}$.


The cyclotomic ring $\mathbf{Z}[e^{2\pi i/n}]$ was originally investigated in connection
with Fermat’s Diophantine equation $X^n + Y^n = Z^n$, still a subject of active
research. Of greater historical significance perhaps is the major role played by
the cyclotomic rings in the development of both algebraic number theory and
modern ring theory. These rings were at first vexing because in most cases
factorization of cyclotomic numbers into products of prime elements in the
rings is not unique. They belong to the class of rings now called Dedekind
domains. We shall not go into this interesting story here, since our present
interest is just a proof of the Law of Quadratic Reciprocity. For that we need
just one simple property of the cyclotomic rings.


Proposition 7.2. $\mathbf{Z}[e^{2\pi i/n}] \cap \mathbf{Q} = \mathbf{Z}$ for all $n > 1$.

Proof. We will prove first that every element of $\mathbf{Z}[e^{2\pi i/n}]$ is the zero of a
monic polynomial with coefficients in $\mathbf{Z}$. Then we show that every rational
number with the same property is actually an integer. Let $\omega = e^{2\pi i/n}$.

Let $z \in \mathbf{Z}[\omega]$. Since $\mathbf{Z}[\omega]$ is a ring, $z\omega^i \in \mathbf{Z}[\omega]$ for every integer $i$. Thus
there exist integers $a_{ij}$ such that $z\omega^i = \sum_{j=0}^{n-1} a_{ij}\omega^j$, $0 \le i \le n-1$. Setting
$A = (a_{ij})_{0 \le i, j \le n-1}$, we can write these equations as a single matrix equation:
$Av = zv$, where $v = {}^{t}(\omega^0, \omega^1, \ldots, \omega^{n-1})$. In other words, $z$ is an eigenvalue of
the $n \times n$ matrix $A$. Therefore, $z$ is a root of the characteristic polynomial of
$A$, which is monic and has coefficients in $\mathbf{Z}$ because $A$ has integer entries.

Let $r = u/v \in \mathbf{Q}$, where $u$ and $v$ are relatively prime integers, $v \neq 0$.
Suppose that $r$ is a zero of a polynomial $p(X) = X^n + \sum_{i=1}^{n} a_i X^{n-i} \in \mathbf{Z}[X]$.
Then $v^n p(r) = u^n + \sum_{i=1}^{n} a_i u^{n-i} v^i = 0$, which shows that $v \mid u^n$. Since
$\mathrm{GCD}(u, v) = 1$, it follows that $v \mid u$. Thus $r = u/v \in \mathbf{Z}$. ∎


Definition 7.3. For odd prime numbers $p$, set $g_p = \sum_{a=1}^{p-1} (a/p)\, e^{2\pi i a/p}$.


The sum $g_p$ is called a Gauss sum. In view of (6.4) we have $g_p = S(p)$,
where the number $S(p) \in \mathbf{Z}[e^{2\pi i/p}]$ was evaluated in Theorem 6.2. But the
arguments to follow will in no way depend upon that previous evaluation.


Lemma 7.4. Let $p$ and $q$ be distinct odd primes.
i. $(g_p)^2 = p^*$.
ii. $(g_p)^{q-1} \equiv (q/p) \pmod q$.

Proof. Let $\omega = e^{2\pi i/p}$.
i. In view of (6.4), this is an immediate consequence of Theorem 6.2. But a
simple proof by direct computation can be given as follows:

$$(g_p)^2 = \sum_{a=1}^{p-1}\sum_{b=1}^{p-1} (a/p)(ab/p)\,\omega^{a+ab} = \sum_{b=1}^{p-1} (b/p) \sum_{a=1}^{p-1} \omega^{a(b+1)}.$$

By Lemma 6.3 we have that

$$\sum_{a=1}^{p-1} \omega^{a(b+1)} = \begin{cases} p-1 & \text{if } b \equiv -1 \pmod p \\ -1 & \text{otherwise.} \end{cases}$$

Thus

$$(g_p)^2 = (-1/p)(p-1) - \sum_{b=1}^{p-2} (b/p) = (-1/p)\,p - \sum_{b=1}^{p-1} (b/p) = (-1/p)\,p = p^*,$$

where we have used Proposition 3.2i, the fact that there are exactly as many
quadratic residues as quadratic nonresidues mod $p$.

ii. The assertion to be proved has meaning because i implies that $(g_p)^{q-1} \in \mathbf{Z}$.

We will write $A \equiv B \pmod{q\mathbf{Z}[\omega]}$ for complex numbers $A$ and $B$ to
indicate that $A - B \in q\mathbf{Z}[\omega]$. Compute as follows:

$$(g_p)^q = \left(\sum_{a=1}^{p-1} (a/p)\,\omega^a\right)^q \equiv \sum_{a=1}^{p-1} (a/p)^q\,\omega^{aq} = \sum_{a=1}^{p-1} (a/p)\,\omega^{aq} = (q/p)\sum_{a=1}^{p-1} (aq/p)\,\omega^{aq} = (q/p)\,g_p \pmod{q\mathbf{Z}[\omega]}.$$

The congruence mod $q\mathbf{Z}[\omega]$ holds because most of the multinomial coefficients
in a $q$-power expansion are divisible by the prime $q$.

Multiplying by $g_p \in \mathbf{Z}[\omega]$ and using i, we find that $p^* g_p^{q-1} \equiv p^*(q/p)$
$\pmod{q\mathbf{Z}[\omega]}$. Since both sides of this congruence lie in $\mathbf{Z}$, Proposition 7.2
proves that $p^* g_p^{q-1} \equiv p^*(q/p) \pmod{q\mathbf{Z}}$. We get what we want by cancelling
$p^*$ from this congruence, which is possible because $p$ and $q$ are relatively
prime (Lemma 3.6 of Chapter 1). ∎


We can now prove quadratic reciprocity in one line. 


Proof of Proposition 1.2. We will prove Proposition 3.4iii. By Proposition 3.2ii
and Lemma 7.4 we have

$$(p^*/q) \equiv (p^*)^{(q-1)/2} = (g_p)^{q-1} \equiv (q/p) \pmod q.$$ ∎


Exercise 


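1. Let $p$ be an odd prime, let $\omega = e^{2\pi i/8}$, and let $g = \omega + \omega^{-1}$.
i. Show that $g^2 = 2$.
ii. Show that $g^p \equiv \omega^p + \omega^{-p} \pmod{p\mathbf{Z}[\omega]}$.
iii. Show that $\omega^p + \omega^{-p} = \pm g$ and determine how the sign depends on
$p$.
iv. Prove that

$$(2/p) = \begin{cases} 1 & \text{if } p \equiv \pm 1 \pmod 8 \\ -1 & \text{if } p \equiv \pm 3 \pmod 8 \end{cases}$$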


8. The Jacobi Symbol


For computational purposes it is convenient to extend the domain of the
Legendre symbol.


Definition 8.1. The Jacobi symbol $(a/m)$ is defined for all $a, m \in \mathbf{Z}$ such that
$m$ is odd and positive and $\mathrm{GCD}(a, m) = 1$ by the equation $(a/m) = \prod_i (a/p_i)$,
where $m = \prod_i p_i$, the $p_i$ are prime, and $(a/p_i)$ denotes the Legendre symbol.


The important properties of the Jacobi symbol are all easily deducible from
its definition and the properties of the Legendre symbol. Note particularly
multiplicativity in both arguments: $(ab/m) = (a/m)(b/m)$ and $(a/mn) =
(a/m)(a/n)$. Observe also that $(a/m) = (b/m)$ if $a \equiv b \pmod m$. We give a
more formal statement of the reciprocity law, which is the same as that of the
Legendre symbol.


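Proposition 8.2. Jacobi Reciprocity and Supplements. Let $m$ and $n$ be odd
positive integers such that $\mathrm{GCD}(m, n) = 1$.

i. $$(-1/m) = (-1)^{(m-1)/2} = \begin{cases} 1 & \text{if } m \equiv 1 \pmod 4 \\ -1 & \text{if } m \equiv 3 \pmod 4 \end{cases}$$

ii. $$(2/m) = (-1)^{(m^2-1)/8} = \begin{cases} 1 & \text{if } m \equiv \pm 1 \pmod 8 \\ -1 & \text{if } m \equiv \pm 3 \pmod 8 \end{cases}$$

iii. $$(m/n) = (-1)^{\frac{m-1}{2}\cdot\frac{n-1}{2}}\,(n/m) = \begin{cases} (n/m) & \text{if } m \equiv 1 \text{ or } n \equiv 1 \pmod 4 \\ -(n/m) & \text{if } m \equiv n \equiv 3 \pmod 4 \end{cases}$$

Equivalently, $(m^*/n) = (n/m)$.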


Proof. i. Let $m = \prod_i p_i$, where the $p_i$ are odd prime numbers. Then $(-1/m)
= \prod_i (-1/p_i) = \prod_i (-1)^{(p_i-1)/2} = (-1)^{(m-1)/2}$, where we have used
Proposition 3.3i and Lemma 3.7iv.

iii. The equivalence of the two assertions of iii is a consequence of i. We
prove that $(m^*/n) = (n/m)$.

Let $m = \prod_i p_i$ and let $n = \prod_j q_j$, where the $p_i$ and $q_j$ are odd prime
numbers. Using multiplicativity of the Legendre symbol, the Law of Quadratic
Reciprocity 3.4iii, and Lemma 3.7ii, we compute $(m^*/n) = \prod_i \prod_j (p_i^*/q_j) =
\prod_i \prod_j (q_j/p_i) = (n/m)$.

ii. We have $((m+2)/m) = (m/(m+2))$ by iii, since $m \not\equiv m+2
\pmod 4$. Thus $(2/m) = ((m+2)/m) = (m/(m+2)) = (-2/(m+2)) =
(-1/(m+2))(2/(m+2))$. In particular, $(2/(8k+1)) = -(2/(8k+3)) =
-(2/(8k+5)) = (2/(8k+7)) = (2/(8(k+1)+1))$ for all integers $k \ge 0$.
An induction beginning with the case $(2/1) = 1$ shows that $(2/(8k+1)) = 1$
for all $k \ge 0$. Statement ii follows immediately. ∎


It is worth noting that the preceding proof of Proposition 8.2ii did not rely
upon a prior evaluation of the Legendre symbols $(2/p)$. It therefore constitutes
an independent proof of Proposition 3.3ii.

The properties of the Jacobi symbol that we have derived can be combined 
into a fast recursive algorithm to compute it. One straightforward procedure to 
compute (m/n) goes as follows. 


1. $(0/1) = 1$.

2. If $m < 0$, then $(m/n) = (-1/n)(|m|/n)$.

3. If $m \ge n$, then $(m/n) = (r/n)$, where $m \equiv r \pmod n$ and $0 \le r < n$.

4. If $2 \mid m$, then $(m/n) = (2/n) \cdot ((m/2)/n)$.

5. $(m/n) = (n^*/m)$.


Much of the importance of the Jacobi symbol derives from the fact that it
can be computed efficiently. The Legendre symbol is a special case, so it can
therefore be computed quickly too. The answer to the question of the existence
of solutions of the congruence $X^2 \equiv a \pmod p$ for fixed $a$ and prime number
$p$ can therefore be found quickly by computing $(a/p)$. A trial and error search
for solutions through $X = 1, 2, \ldots, (p-1)/2$ would almost always be totally
impractical for very large $p$.

The rest of this section is a digression on a practical method to discover
large primes that was found by Solovay and Strassen.

Let $m$ be an odd prime number. Then every $x = 1, 2, \ldots, m-1$ satisfies
the two conditions (by Proposition 3.2ii)


$\mathrm{GCD}(x, m) = 1$, (8.3a)


$x^{(m-1)/2} \equiv (x/m) \pmod m$. (8.3b)


The Solovay–Strassen test is based on a strong converse statement.


Definition 8.4. Let $m > 1$ be an odd integer. We say that $x \in \{1, 2, \ldots, m-1\}$
is a witness that $m$ is composite iff either of the conditions (8.3a) or (8.3b) fails
for $x$.


To prove that an odd integer is composite, it clearly suffices to find a 
witness. But how easy is that to do? 


Proposition 8.5. Let m > 1 be a composite odd integer. Then more than half 
the integers 1,2,...,m — 1 are witnesses that m is composite. 


Proof. Let $m > 1$ be a composite odd integer. We prove first that there is a
witness that $m$ is composite that is relatively prime to $m$.

Suppose first that there is a prime number $p$ such that $p^2 \mid m$. Then there
exists an element $x$ of $U_m$ that has order $p$. One can take for instance
$x = 1 + m/p \in U_m$, for it follows easily from the binomial theorem that
$(1 + m/p)^p \equiv 1 \pmod m$. We can compute $(x/m)^2 = (\pm 1)^2 = 1$. But
$(x^{(m-1)/2})^2 = x^{m-1} \not\equiv 1 \pmod m$ because $p$, the order of $x$ in $U_m$, does not
divide $m - 1$. Thus $x$ is a witness.

On the other hand, suppose that $m = p_1 p_2 \cdots p_r$, where the $p_i$ are distinct
odd primes and $r \ge 2$. Let $a \in \mathbf{Z}$ be such that $p_1 \nmid a$ and $(a/p_1) = -1$. By
the Chinese Remainder Theorem 2.2 choose $x \in \mathbf{Z}$ such that $x \equiv a \pmod{p_1}$
and $x \equiv 1 \pmod{p_i}$ for $i \ge 2$. Then $(x/m) = \prod_i (x/p_i) = -1$, but $x^{(m-1)/2}
\equiv 1 \pmod{p_2}$. Thus $x$ is a witness.

Let $\varphi: U_m \to U_m$ be the homomorphism $\varphi(x) = x^{(m-1)/2} \cdot (x/m)$. The
kernel of $\varphi$ is the set of elements of $\{1, 2, \ldots, m-1\}$ that are not witnesses
that $m$ is composite. We have just proved that $\varphi$ is nontrivial, so the kernel of
$\varphi$ is a proper subgroup of $U_m$. Its index in $U_m$ must be at least 2. Hence
$|\ker \varphi| \le |U_m|/2 < (m-1)/2$. Therefore, the number of witnesses that $m$ is
composite must be greater than $(m-1)/2$. ∎


The Solovay—Strassen test that an integer is prime is simply a random 
search for witnesses that it is composite. If no witness is found, the test asserts, 
possibly wrongly, that the integer is prime. It can be analyzed as follows. 

Let m>1 be a composite odd integer. Proposition 8.5 shows that a 
random search among the integers 1,2,..., m — 1 will very probably turn up a 
witness that m is composite, and hence a proof of the fact, fairly quickly. 
Therefore failure to discover a witness that an integer is composite after such a 
random search can be overwhelming circumstantial evidence that the integer is
prime. It’s as if you were given a coin that you knew to be either a normal 
penny or a two-headed freak. Suppose you toss the coin 100 times, getting 
heads each time. What would you say? 

To prove that a suspected prime number is actually prime requires quite 
different techniques. 
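
The five-step procedure for $(m/n)$ and the witness search of Definition 8.4, written out as an added Python example (not code from the book). The function names are this example's own; `jacobi_by_definition` factors by trial division and is there only to cross-check the fast routine against Definition 8.1.

```python
import random
from math import gcd


def jacobi(m, n):
    """Jacobi symbol (m/n) for odd n > 0 with GCD(m, n) = 1, by rules 1-5."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be odd and positive")
    if gcd(m, n) != 1:
        raise ValueError("the symbol is defined only when GCD(m, n) = 1")
    sign = 1
    while n != 1:                         # rule 1 stops the recursion: (m/1) = 1
        if m < 0:                         # rule 2: (m/n) = (-1/n)(|m|/n)
            if n % 4 == 3:
                sign = -sign
            m = -m
        m %= n                            # rule 3: replace m by its residue mod n
        while m % 2 == 0:                 # rule 4: (m/n) = (2/n)((m/2)/n)
            if n % 8 in (3, 5):           # (2/n) = -1 iff n = +-3 (mod 8)
                sign = -sign
            m //= 2
        n_star = -n if n % 4 == 3 else n  # n* = (-1)^((n-1)/2) * n
        m, n = n_star, m                  # rule 5: (m/n) = (n*/m)
    return sign


def jacobi_by_definition(a, m):
    """Definition 8.1: product of Legendre symbols over the prime factors of m."""
    result, p = 1, 3
    while m > 1:
        if m % p == 0:
            m //= p
            # Legendre symbol (a/p) from Euler's criterion a^((p-1)/2) mod p
            result *= 1 if pow(a % p, (p - 1) // 2, p) == 1 else -1
        else:
            p += 2
    return result


def is_witness(x, m):
    """True iff x fails (8.3a) or (8.3b), so that x proves odd m > 1 composite."""
    if gcd(x, m) != 1:
        return True                                   # (8.3a) fails
    return pow(x, (m - 1) // 2, m) != jacobi(x, m) % m  # (8.3b) fails


def count_witnesses(m):
    """Number of witnesses among 1, ..., m-1 (exhaustive, for small m only)."""
    return sum(is_witness(x, m) for x in range(1, m))


def solovay_strassen(m, rounds=40, rng=None):
    """Random search for a witness; None means 'no witness found, probably prime'."""
    if m < 3 or m % 2 == 0:
        raise ValueError("m must be an odd integer greater than 1")
    rng = rng or random.Random()
    for _ in range(rounds):
        x = rng.randrange(1, m)
        if is_witness(x, m):
            return x
    return None


if __name__ == "__main__":
    print(jacobi(3, 7), jacobi(5, 21))            # two small symbols
    print(count_witnesses(561), "of 560")         # Proposition 8.5 on 561 = 3*11*17
    print(solovay_strassen(2**61 - 1))            # a Mersenne prime: no witness exists
```

By Proposition 8.5 each round misses a composite with probability less than 1/2, so `rounds=40` leaves an error probability below $2^{-40}$ for a composite input.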


Exercises


1. Find a pair of positive relatively prime integers $a$ and $m$ such that
$(a/m) = 1$ but $X^2 \equiv a \pmod m$ has no solution.


2. Evaluate $(3989/144169)$.

3. Prove Proposition 8.2ii directly from Proposition 3.3ii and Definition 8.1.


4. Let $p$ be an odd prime and let $a \in \mathbf{Z}$ with $p \nmid a$.

i. Prove that if $p \equiv 3 \pmod 4$, then the congruence $X^4 \equiv a \pmod p$ has a
solution if and only if $(a/p) = 1$.

ii. Prove that if $p \equiv 1 \pmod 4$, then the equation $X^4 \equiv a \pmod p$ has a
solution if and only if $a^{(p-1)/4} \equiv 1 \pmod p$.


5. Find all primes $p$ such that the following congruences have solutions.
i. $X^4 \equiv 4 \pmod p$.
ii. $X^4 \equiv -4 \pmod p$.


6. Let $p \equiv 1 \pmod 4$ be prime. Write $p = a^2 + b^2$, where $a, b$ are positive
integers and $a$ is odd. Let $f \in \mathbf{Z}$ satisfy the congruence $b \equiv af \pmod p$.
Prove the following:

i. $((a+b)/p) \equiv (2ab)^{(p-1)/4} \pmod p$.
ii. $((a+b)/p) = (2/(a+b))$. (Hint: $2p \equiv (a-b)^2 \pmod{a+b}$.)
iii. $f^2 \equiv -1 \pmod p$.
iv. Q(P-1)/4 = yaaa
v. $X^4 \equiv 2 \pmod p$ has a solution if and only if $b \equiv 0 \pmod 8$ if and only
if $X^2 + 64Y^2 = p$ has an integral solution.


7. Let $a, b \in \mathbf{Z}$, where $\mathrm{GCD}(a, b) = 1$. Suppose that $a \equiv b \equiv 3 \pmod 4$ and
that there exist $\alpha, \beta \in \mathbf{Z}$ such that $\beta^2 \equiv b \pmod a$ and $\alpha^2 \equiv a \pmod b$.
Prove that $a < 0$ and $b < 0$. (This exercise shows that the sign of an integer
and its congruence properties are not independent.)


9. The Kronecker Symbol 


Definition 9.1. An integer $A$ is said to be a discriminant iff $A \equiv 0$ or $1 \pmod 4$.


Definition 9.2. The Kronecker symbol $\chi_A$ is defined for nonsquare discriminants
$A$ to be the function on $\{m \in \mathbf{Z} \mid \mathrm{GCD}(m, A) = 1\}$ given by

$$\chi_A(m) = \begin{cases} (m/|A|) & \text{if } A \text{ is odd} \\ (-1)^{\frac{d-1}{2}\cdot\frac{m-1}{2}}\,(2^a/|m|)\,(m/|d|) & \text{if } A \text{ is even, } A = 2^a d,\ d \text{ odd} \end{cases}$$


Notice an old friend, $\chi_{-4}(m) = (-1)^{(m-1)/2}$ for odd integers $m$.


The Kronecker symbol is just as easy to evaluate as the Jacobi symbol.


Proposition 9.3. Let $A$ be a nonsquare discriminant.

i. Let $m, n \in \mathbf{Z}$ be relatively prime to $A$. Then $\chi_A(mn) = \chi_A(m)\chi_A(n)$. If
$m \equiv n \pmod A$, then $\chi_A(m) = \chi_A(n)$.

ii. $\chi_A(m) = (A/m)$ for all positive odd integers $m$ relatively prime to $A$.

iii. $\chi_A(-1) = \operatorname{sign} A$.

iv. $$\chi_A(2) = \begin{cases} 1 & \text{if } A \equiv 1 \pmod 8 \\ -1 & \text{if } A \equiv 5 \pmod 8 \end{cases}$$

v. There exists $m \in \mathbf{Z}$ relatively prime to $A$ such that $\chi_A(m) = -1$.

vi. The function $\chi_A: U_A \to \{\pm 1\}$ is a surjective group homomorphism.


Proof. i. The multiplicativity of $\chi_A$ follows from Lemma 3.7iv and the
multiplicativity of the Jacobi symbol in both arguments.

The second assertion requires comment only when $A$ is even. Suppose that
$A = 2^a d$ is even, with $d$ odd and $a \ge 2$, and that $m \equiv n \pmod A$. Then
$m \equiv n \pmod 4$, which shows that $(-1)^{(m-1)/2} = (-1)^{(n-1)/2}$. If $a = 2$, then
$(2^a/|m|) = (2^a/|n|) = 1$. If $a \ge 3$, then $m \equiv n \pmod 8$, whence $|m| \equiv \pm|n|
\pmod 8$, and thus by Proposition 8.2ii we have $(2^a/|m|) = (2^a/|n|)$. Finally, the
congruence $m \equiv n \pmod d$ implies that $(m/|d|) = (n/|d|)$. It follows that
$\chi_A(m) = \chi_A(n)$.

ii. Use the reciprocity law.

For odd $A$,

$$(m/|A|) = (|A|^*/m) = (A/m),$$

since $A = |A|^*$.

For even $A = 2^a d$,

$$(m/|d|) = (|d|^*/m) = (-1)^{\frac{d-1}{2}\cdot\frac{m-1}{2}}\,(d/m)$$

and $(2/|m|)^a = (2/m)^a$. Use multiplicativity of the Jacobi symbol.

iii. For odd $A$ we have

$$(-1/|A|) = (-1)^{(|A|-1)/2} = \operatorname{sign}(|A| \cdot |A|^*) = \operatorname{sign} A,$$

since $|A| > 0$ and $|A|^* = A$.

For even $A = 2^a d$,

$$\chi_A(-1) = (-1)^{(d-1)/2}\,(-1/|d|) = \operatorname{sign}(d \cdot d^* \cdot |d| \cdot |d|^*) = \operatorname{sign}(d) = \operatorname{sign} A,$$

since $d^*|d|^* = d^2 > 0$.

iv. If $A \equiv 1 \pmod 8$, then $|A| \equiv \pm 1 \pmod 8$. If $A \equiv 5 \pmod 8$, then
$|A| \equiv \pm 3 \pmod 8$. Apply Proposition 8.2ii.

v. If $A < 0$, then $\chi_A(-1) = -1$, so suppose that $A > 0$.

We are going to use the Chinese Remainder Theorem 2.2 to produce an
integer $m$ such that $\chi_A(m) = -1$.

Write $A = 2^a d$, where $d$ is odd. Since $A$ is not a square, either $a$ is odd or $d$
is not a square. For positive odd integers $m$ we have $\chi_A(m) = (2^a d/m) =
(2/m)^a (m^*/d)$.

If $a$ is odd, choose an integer $m > 0$ such that $m \equiv 5 \pmod 8$ and $m \equiv 1
\pmod d$. Then $m = m^*$ and so $\chi_A(m) = (-1)^a (1/d) = -1$.

If $a$ is even, then $d$ is not a square. Thus there is a prime number $p$ such
that $d = p^r f$ where $r$ is odd, $f \in \mathbf{Z}$, and $p \nmid f$. Let $b \in \mathbf{Z}$ be such that $p \nmid b$
and $(b/p) = -1$. Choose an integer $m > 0$ such that $m \equiv b \pmod p$ and
$m \equiv 1 \pmod{4f}$. Then $m = m^*$. We have $\chi_A(m) = (m/p)^r (m/f) =
(b/p)^r (1/f) = (-1)^r = -1$.

vi. By i and v. ∎


With the introduction of the Kronecker symbol we can at last give a
satisfactory answer to the question: Given an integer $a$, for which prime
numbers $p$ does there exist a solution to the congruence equation $X^2 \equiv a
\pmod p$?

If $a$ is a square, the answer is of course that solutions exist for all primes $p$.
If $a$ is not a discriminant, then $4a$ is a discriminant and the two congruences
$X^2 \equiv a$ and $X^2 \equiv 4a \pmod p$ have solutions for exactly the same sets of
primes $p$. So the case of real interest is that of a nonsquare discriminant $a$.

Suppose that $a \in \mathbf{Z}$ is a nonsquare discriminant and that $p$ is an odd
prime number not dividing $a$. Then $\chi_a(p) = (a/p)$. We can assert that
$X^2 \equiv a \pmod p$ has a solution if and only if $\chi_a(p) = 1$. The remarkable
features of this assertion are the properties Proposition 9.3i of the function $\chi_a$,
namely that $\chi_a$ is periodic mod $a$ and multiplicative. We summarize this in
our next statement, which includes Theorem 1.3.


Theorem 9.4. Let $A \in \mathbf{Z}$ be a nonsquare discriminant.

Then $\chi_A$ is the unique homomorphism $f: U_A \to \{\pm 1\}$ such that the
following two conditions are equivalent for all odd primes $p$ that do not
divide $A$.


1. $X^2 \equiv A \pmod p$ has a solution.
2. $p \in \ker f$.


Therefore, the primes $p$ for which $X^2 \equiv A \pmod p$ has a solution are
precisely those odd primes that lie in a fixed subgroup of $U_A$ of index 2
together with the prime divisors of $2A$.


Proof. The deep question of existence of the homomorphism $f$ is settled by
the construction of the Kronecker symbol. Gauss’s Law of Quadratic Reciprocity
was the key ingredient in this development.

Uniqueness is much easier. The equivalence of conditions 1 and 2 specifies
the values $f(p) = (A/p)$ for odd primes $p$ not dividing $A$. But this determines
$f$ completely because these elements $p$ are easily seen to form a set of
generators for the group $U_A$. Let $x \in U_A$. There exists a positive odd integer $a$
such that $x = a$. Let $a = \prod_i p_i$, where the $p_i$ are prime. Then $x = \prod_i p_i$. ∎


Theorem 9.4 is a straight generalization of Lemma 1.4 of Chapter 2, which
analyzed the congruence $X^2 \equiv -1 \pmod p$ for odd prime numbers $p$. That
congruence was the starting point for our study of the specific quadratic form
$X^2 + Y^2$. With Theorem 9.4 in hand we are in a position to take the first step
in the general theory of the representation of prime numbers by integral
binary quadratic forms.


Exercises 


1. Let $A$ be a nonsquare even discriminant. Show that $\chi_A(m) =
(\operatorname{sign} A)^{(m-1)/2}\,(|A|/|m|)$ for all integers $m$ relatively prime to $A$.


2. Determine $\ker \chi_A$ for all nonsquare discriminants $A$ such that $|A| < 15$.


3. Prove that $U_A = \ker \chi_A \times \{\pm 1\}$ for all negative discriminants $A$.


4. Let $A$ be a nonsquare discriminant and let $f \neq 0 \in \mathbf{Z}$. Prove that $\chi_A(m) =
\chi_{f^2 A}(m)$ for all integers $m$ such that $\mathrm{GCD}(m, fA) = 1$.


5. Let $A$ be a nonsquare discriminant.
i. Prove that there is a prime $p \nmid A$ such that $\chi_A(p) = -1$.
ii. Prove that there is an infinite number of primes $p \nmid A$ such that
$\chi_A(p) = -1$. (Suggestion: Use Exercise 4.)
iii. What does ii say for $A = -4$ and $A = 5$?


6. Let $a \in \mathbf{Z}$. Show that if $X^2 = a$ has no integral solution, then there exists
an infinite number of primes $p$ such that $X^2 \equiv a \pmod p$ has no solution.


7. Using Dirichlet’s Theorem on Primes in Arithmetic Progressions, prove
that $\chi_A$ is the unique function $f: U_A \to \{\pm 1\}$ such that $X^2 \equiv A \pmod p$
has a solution for an odd prime $p$ not dividing $A$ if and only if $f(p) = 1$.


8. Let $q$ be an odd prime. Show that $\ker \chi_{4q} = \{\pm x^2 \mid x \in U_{4q}\}$.


10. Binary Quadratic Forms 


The study of quadratic congruences was undertaken with binary quadratic 
forms in mind. We now make the connection between the two subjects. 


Proof of Proposition 1.1. 1 ⇒ 2. Suppose that an integral form $F(X, Y) = aX^2
+ bXY + cY^2$ of discriminant $A$ represents a prime number $p$, say $F(r, s) = p$,
where $r, s \in \mathbf{Z}$. Since $p$ is prime, $\mathrm{GCD}(r, s) = 1$. Thus there exist integers $t, u$
such that


= (7 _ e SL,(Z). 


Then $gF = pX^2 + b'XY + c'Y^2$, where $b', c' \in \mathbf{Z}$. The equivalent forms $F$
and $gF$ have the same discriminant. Hence $A = b'^2 - 4pc'$, which shows that
$b'^2 \equiv A \pmod p$.

2 ⇒ 1. Suppose that $m \in \mathbf{Z}$ solves the congruence $m^2 \equiv A \pmod p$. After
replacing $m$ by $m + p$ if necessary, we may assume that $m$ and $A$ have the
same parity (because $p$ is odd). Write $m^2 = A + np$, with $n \in \mathbf{Z}$. Then
$np = m^2 - A \equiv 0 \pmod 4$, because $A$ is congruent to 0 or 1 mod 4. Thus
$n/4 \in \mathbf{Z}$. The form $pX^2 + mXY + (n/4)Y^2$ is an integral form of discriminant
$A$ that represents $p$. ∎

We can now answer the question initially posed in Section 1. The next
theorem has been the goal of this chapter.


Theorem 10.1. Let $A$ be a nonsquare discriminant and let $p$ be a prime
number. The following two conditions are equivalent.


1. There exists an integral binary quadratic form of discriminant $A$ that
represents $p$.

2. Either $p \mid A$ or $p \nmid A$ and $\chi_A(p) = 1$, where $\chi_A: U_A \to \{\pm 1\}$ is the
Kronecker symbol.


Proof. 1 ⇒ 2. If $p$ is odd, the implication is an immediate consequence of
Proposition 1.1 and Theorem 9.4.

It remains to examine the case $p = 2$ and $A \equiv 1 \pmod 4$. In view of
Proposition 9.3iv, we are to prove that $ax^2 + bxy + cy^2 = 2$ with $a, b, c, x, y
\in \mathbf{Z}$ and $b$ odd implies $A = b^2 - 4ac \equiv 1 \pmod 8$. If $x$ is even and $y$ is odd,
then $c$ is even. If $x$ is odd and $y$ is even, then $a$ is even. If $x$ and $y$ are both
odd, then $a$ and $c$ have opposite parity. In all cases, $A \equiv b^2 \equiv 1 \pmod 8$.

2 ⇒ 1. If $p$ is odd, the implication is an immediate consequence of
Proposition 1.1 and Theorem 9.4.

It remains to examine the case $p = 2$. If $A \equiv 1 \pmod 8$, then $2X^2 + XY +
((1 - A)/8)Y^2$ is an integral form of discriminant $A$ that represents 2. If $8 \mid A$,
then $2X^2 - (A/8)Y^2$ has discriminant $A$ and represents 2. If $A = 4d$ where $d$
is odd, then $2X^2 + 2XY + ((1 - d)/2)Y^2$ has discriminant $A$ and represents 2. ∎
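
The constructions in the proofs of Proposition 1.1 (2 ⇒ 1) and Theorem 10.1 can be run directly. The following Python sketch is an added example, not code from the book; the function names are its own, and the square root of $A$ mod $p$ is found by plain search, which is an assumption that suits small $p$ only.

```python
def chi_at_prime(A, p):
    """chi_A(p) for a prime p not dividing A (Proposition 9.3 ii and iv)."""
    if p == 2:
        return 1 if A % 8 == 1 else -1        # A is odd here: A = 1 or 5 (mod 8)
    # odd p: chi_A(p) = (A/p), evaluated by Euler's criterion
    return 1 if pow(A % p, (p - 1) // 2, p) == 1 else -1


def condition_2(A, p):
    """Condition 2 of Theorem 10.1: p | A, or p does not divide A and chi_A(p) = 1."""
    return A % p == 0 or chi_at_prime(A, p) == 1


def representing_form(A, p):
    """Coefficients (a, b, c) of a form of discriminant A with a = p, so that
    F(1, 0) = p; returns None when the proofs give no such form."""
    if A % 4 not in (0, 1):
        raise ValueError("A is not a discriminant")
    if p == 2:                                # the three cases of Theorem 10.1
        if A % 8 == 1:
            return (2, 1, (1 - A) // 8)
        if A % 8 == 0:
            return (2, 0, -A // 8)
        if A % 8 == 4:                        # A = 4d with d odd
            return (2, 2, (1 - A // 4) // 2)
        return None                           # A = 5 (mod 8)
    for m in range(p):                        # search for m with m^2 = A (mod p)
        if (m * m - A) % p == 0:
            if (m - A) % 2:                   # give m the parity of A
                m += p
            n = (m * m - A) // p              # m^2 = A + n p, and 4 | n
            return (p, m, n // 4)
    return None


def discriminant(form):
    a, b, c = form
    return b * b - 4 * a * c


if __name__ == "__main__":
    for p in (2, 3, 7, 11, 29):
        print(p, representing_form(-20, p))
```

For $A = -20$ and $p = 2$ this returns the form $2X^2 + 2XY + 3Y^2$; for $p = 29$ it returns $29X^2 + 32XY + 9Y^2$.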


Some complements can be given. 
We first take up the question of uniqueness of the representing form. 


Proposition 10.2. Any two integral forms of the same discriminant that 
represent the same prime number p must be equivalent forms. 


Proof. Let $F$ be an integral binary form that represents a prime number $p$. In
the first part of the proof of Proposition 1.1 we showed that $F$ is properly
equivalent to a form $F'$ with leading coefficient equal to $p$. By choice of $n \in \mathbf{Z}$
we can arrange that G °F = pX* + bXY + cY’, where —p < b<p. We 
will prove that all integral forms $pX^2 + bXY + cY^2$ such that $-p < b \le p$
and with the same discriminant $A$ are equivalent. Note that two such forms
with the same middle coefficient $b$ are actually equal, because $c$ is determined
by the equation $b^2 - 4pc = A$. The parity of $b$ is the same as that of $A$.
Suppose first that $p$ is odd. If $p \mid A$, then $p \mid b$, so that $b \in \{0, p\}$. Thus $b$ is
uniquely determined by the parity of $A$. If $p \nmid A$, let $B$ be the unique integer
with the parity of $A$ such that $B^2 \equiv A \pmod p$ and $0 < B < p$. Then $b = \pm B$.
But the two forms $pX^2 + BXY + cY^2$ and $pX^2 - BXY + cY^2$ are clearly
equivalent.

Now suppose that $p = 2$. Then $-1 \le b \le 2$. If $A$ is even, then $b \in \{0, 2\}$
is uniquely determined by the condition $b^2 \equiv A \pmod 8$. If $A$ is odd, then
$b = \pm 1$ and the two relevant forms are equivalent. ∎


A representation of a prime $p$ by a form $aX^2 + bXY + cY^2$ with coefficients
divisible by $p$ might better be thought of as a representation of 1 by the
form $(a/p)X^2 + (b/p)XY + (c/p)Y^2$. A definition is suggested.


Definition 10.3. A nonzero integral binary quadratic form $aX^2 + bXY + cY^2$
is primitive iff $\mathrm{GCD}(a, b, c) = 1$.


Proposition 10.4. Let $p$ be a prime number that is represented by an integral
form $F$ of discriminant $A$. Then $F$ is not primitive if and only if $p^2 \mid A$ and
$A/p^2$ is a discriminant.

Thus the forms of discriminant $A$ that represent $p$ are primitive if and only
if either (a) $p^2 \nmid A$ or (b) $p = 2$ and $A \equiv 8$ or $12 \pmod{16}$.


Proof. If $p$ divides the three coefficients of an integral binary form $F$ of
discriminant $A$, then $p^2$ must divide $A$ and $A/p^2$ is the discriminant of the
integral form $F/p$.

Conversely, suppose that $p^2 \mid A$ and that $A/p^2$ is a discriminant. There is an
integral form $G$ of discriminant $A/p^2$ that represents 1. Then $pG$ has
discriminant $A$ and represents $p$. Thus none of the forms of discriminant $A$
that represent $p$ are primitive because by Proposition 10.2 they are all
equivalent to $pG$, which is not primitive.

The second assertion is a rewording of the first. ∎


Let us summarize the results we have proved. 

Let $A$ be a nonsquare discriminant. The integral binary quadratic forms of
discriminant $A$ are partitioned into equivalence classes. The prime numbers
are partitioned into two sets: (1) those primes that are represented by no form
of discriminant $A$ and (2) those primes that are represented by all the forms in
one equivalence class of forms of discriminant $A$ and by none of the forms in
the others. Theorem 10.1, which is really just one form of the Law of
Quadratic Reciprocity, gives a satisfactory description of the two sets of
primes by congruence conditions.

The preceding theory says nothing about which equivalence classes of forms
represent which primes. The problem does not arise for those discriminants $A$
with only one equivalence class of primitive forms that represent positive
integers (i.e., positive definite if $A < 0$) such as $A = -3, -4, 5,
-7, \pm 8, -11, -12, 13$. But in general the situation is very difficult. Gauss
made an initial attack on the problem with his class groups and theory of
genera. But that is matter for Chapter 5.


Exercises 


1. Prove that the form $X^2 + XY + 2Y^2$ represents a prime $p$ if and only if
$p = 7$ or $p \equiv 1, 2,$ or $4 \pmod 7$.


2. Determine the primes $p$ that are represented by $X^2 + XY + 3Y^2$.


3. Show that every integer is represented by some integral form of every
square discriminant.


4. An integral binary quadratic form $f$ is said to represent an integer $n$
properly iff there exists $(x, y) \in \mathbf{Z}^2$ such that $\mathrm{GCD}(x, y) = 1$ and $f(x, y)
= n$. Let $A$ be a discriminant and let $n \neq 0 \in \mathbf{Z}$. Prove that there is a form
of discriminant $A$ that represents $n$ properly if and only if the congruence
$X^2 \equiv A \pmod{4n}$ has a solution.


5. Can equivalence be replaced by proper equivalence in the conclusion of
Proposition 10.2?


6. Show that the forms $X^2 + XY + 6Y^2$ and $2X^2 + XY + 3Y^2$ have the
same discriminant, are inequivalent, and both represent 4. Thus the hypothesis
that $p$ be prime in Proposition 10.2 is essential.


7. i. Let $p \neq 2, 5$ be prime. Show that $p$ is represented by a positive definite
form of discriminant $-20$ if and only if $p \equiv 1, 3, 7,$ or $9 \pmod{20}$.

ii. Let $p \neq 2, 5$ be prime. Prove that $p$ is represented by $X^2 + 5Y^2$ if and
only if $p \equiv 1$ or $9 \pmod{20}$ and that $p$ is represented by $2X^2 + 2XY
+ 3Y^2$ if and only if $p \equiv 3$ or $7 \pmod{20}$.

iii. Verify $(2x^2 + 2xy + 3y^2)(2z^2 + 2zw + 3w^2) = X^2 + 5Y^2$, where $X
= xw + yz - 2yw + 2xz$ and $Y = xw + yz + yw$.

iv. Let n = 5°( po --- p&)\(qH --- q4)(ue --- ue), where the ps are 
primes = 1 or 9 (mod 20), the gs are primes = 3 or 7 (mod 20), and 
the us are other primes. Show that if d, + d, + --- +d, and all the es 
are even, then n is represented by X? + 5Y7. 


8. Let $p \equiv 1 \pmod{12}$ be prime.

i. Show that $p = a^2 + b^2 = t^2 + 3u^2$, where $a, b, t, u$ are positive integers,
$a$ and $t$ are odd, and $b$ and $u$ are even.

ii. Prove that $(-3)^{(p-1)/4} \equiv (-1)^{(t-1)/2}(2/p)(t/3) \pmod p$.
(Hint: Show that $(t/p) = (-1)^{(t-1)/2}(t/3)$ and $(u/p) = (2/p)$.)

iii. Show that $3 \mid a$ or $3 \mid b$ but not both.

iv. Observe that $(t + b)(t - b) = a^2 - 3u^2$.

v. Suppose that $3 \mid b$. Show that $3 \nmid t \pm b$ and verify that $(t/3) =
((t \pm b)/3) = (-1)^{(t-1)/2}(2/p)$. Hence $(-3)^{(p-1)/4} \equiv 1 \pmod p$.

vi. Suppose that $3 \mid a$. Show that $-(t/3) = ((t \pm b)/3) = (-1)^{(t-1)/2}(2/p)$,
where the sign is chosen so that the Legendre symbol $((t \pm b)/3)$ is
defined, i.e., such that $3 \nmid t \pm b$. Hence $(-3)^{(p-1)/4} \equiv -1 \pmod p$.

vii. Prove that $X^2 + 36Y^2$ represents $p$ if and only if $X^4 \equiv -3 \pmod p$
has a solution, and that $9X^2 + 4Y^2$ represents $p$ if and only if $X^4 \equiv -3
\pmod p$ has no solution.


CHAPTER 4 


Indefinite Forms 


1. Introduction 


In this chapter we solve an important class of Diophantine equations. 


Theorem 1.1. Let $f(X, Y) = aX^2 + bXY + cY^2$ be an integral binary
quadratic form and let $m \in \mathbf{Z}$. There is a finite algorithm to find all solutions
$(x, y) \in \mathbf{Z}^2$ of the equation $f(x, y) = m$.


It turns out that Theorem 1.1 is most interesting if the discriminant of
$f(X, Y) = aX^2 + bXY + cY^2$ is positive and nonsquare. Then the set of
integral solutions of the equation $f(X, Y) = m$ for $m \neq 0$ is infinite if
nonempty, so its members can not be listed. It is natural to try to impose a
finitely generated algebraic structure on the set of solutions, then to list a set
of generators. That is in fact what we will do. The most important case is the
Pell equation $X^2 - DY^2 = 1$.


Theorem 1.2. Let $D$ be a nonsquare positive integer.


i. The set $\mathrm{Pell}(4D) = \{(x, y) \in \mathbf{Z}^2 \mid x^2 - Dy^2 = 1\}$ is infinite.


ii. The binary operation $(x, y) \cdot (u, v) = (xu + Dyv, xv + yu)$ is a group
law on $\mathrm{Pell}(4D)$ for which $\mathrm{Pell}(4D) \cong \{\pm 1\} \times \mathbf{Z}$.


It will turn out that if the discriminant of $f$ equals $4D$, then the group
$\mathrm{Pell}(4D)$ acts on the set of integral solutions of the equation $f(X, Y) = m$
and the number of orbits is finite. The algorithm of Theorem 1.1 will produce
a list containing one solution in each orbit.

We discuss the simple case $X^2 - 2Y^2 = 1$ in Section 2, then prove
Theorem 1.2 in Section 3.

Theorem 1.1 is proved in Section 4 by the derivation of a straightforward
algorithm to solve the equation $f(X, Y) = m$.

The set $\mathrm{Pell}(4D)$ can of course be shown to be a group by direct
verification of the group axioms. But one can search for naturally occurring
groups with which it is in bijection. We discuss two such groups. In Section 3
we show that $\mathrm{Pell}(4D)$ is isomorphic to the group of norm 1 units of the ring
$\mathbf{Z}[\sqrt{D}]$. In Section 5 we prove that $\mathrm{Pell}(4D)$ is isomorphic to the group of
proper automorphisms of any primitive form of discriminant $4D$.

The reduction theory described in Section 6 is a detailed study of the
proper equivalence relation for forms of positive nonsquare discriminant.
Proofs will occupy Sections 7 and 8.

The reduction theory is brought to bear on the automorphism group of a
form in Section 9. This provides a second proof of Theorem 1.2.


2. The Square Root of 2 


It must have been a research problem around 500 BC to solve the equation
$z^2 = 2$. The solution gives the length of the diagonal of a 1 × 1 square. The
momentous discovery by the Greeks (Pythagoras?) that there is no rational
number solution $z$ amounted to the discovery of irrational numbers.

A rational number $z$ is the quotient of two integers: $z = y/x$, where
$x, y \in \mathbf{Z}$ and $x \neq 0$. So the Greeks’ discovery can be presented as follows.


Theorem 2.1. Let $x, y \in \mathbf{Z}$ satisfy the equation: $y^2 = 2x^2$.
Then $x = y = 0$.


Proof. This is the classic descent. With $x$ and $y$ such that $y^2 = 2x^2$, we prove
by induction that $x_n = x/2^n$ and $y_n = y/2^n$ are integers for every integer
$n \ge 0$. Indeed, suppose that $x_n, y_n \in \mathbf{Z}$. We have $y_n^2 = 2x_n^2$, from which it is
clear that $y_n$ is even. Thus $2x_n^2$ is a multiple of 4, and so $x_n$ is also even. Hence
$x_{n+1}, y_{n+1} \in \mathbf{Z}$. But $|x_n| < 1$ for sufficiently large $n$, which implies $x_n = 0$.
The result follows. ∎


Failing to find a rational number that equals $\sqrt{2}$, we might search for
rationals that approximate $\sqrt{2}$. It seems natural to look for integral points on
the hyperbola $y^2 = 2x^2 + 1$ which is asymptotic to the line $y = \sqrt{2}\,x$. The
situation is better immediately because there are integer points on the hyperbola,
for instance $(x, y) = (2, 3)$ or $(13860, 19601)$.
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The ancients knew how to “multiply” solutions of the equation y? — 2x? 
= 1: If (x, y) = (u, v), (U, V) are two such solutions, then their “product” 


(u,v) - (U,V) = (uw + vU,2uU + vV) (2.2) 

is a third. This follows from the key identity 
(2uU + vV)” — 2(uV + vU)* = (v2 — 2u?)(V2 — 2U”). (2.3) 
Starting with one integer point (x, y) on the hyperbola in the first quadrant, 
we can find infinitely many others by taking “powers.” For example, let 
(x1, ¥,) = (2,3) and let (x,, y,) = (2,3)(x,_1, ¥,—-1) for n > 1. We will write 


(x,, y,) = (2,3)". We have the equality y” — 2x? = 1 for all n = 1 and, as is 
easily seen, the inequalities x, <x, <x;< --: and y,<y< -:: 


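Two interesting formulas for $(x_n, y_n)$ are easily proved by finite induction:

$$\begin{pmatrix} x_n \\ y_n \end{pmatrix} = \begin{pmatrix} 3 & 2 \\ 4 & 3 \end{pmatrix}^{n-1} \begin{pmatrix} 2 \\ 3 \end{pmatrix} \quad \text{for } n \geq 1, \tag{2.4}$$

$$x_n\sqrt{2} + y_n = (2\sqrt{2} + 3)^n \quad \text{for } n \geq 1. \tag{2.5}$$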


Table of solutions of $y^2 - 2x^2 = 1$:

  n    x_n         y_n         y_n/x_n
  1    2           3           1.5
  2    12          17          1.416...
  3    70          99          1.41428...
  4    408         577         1.414215...
  5    2378        3363        1.4142136...
  6    13860       19601       1.414213564...
  7    80782       114243      1.4142135624...
  8    470832      665857      1.414213562374...
  9    2744210     3880899     1.4142135623731...
  10   15994428    22619537    1.414213562373096...

$\sqrt{2} = 1.4142135623730950\ldots$


Aside from its theoretical value, the power of (2.2) to generate quickly tables of integer solutions of the equation $y^2 - 2x^2 = 1$ like the one shown is really quite extraordinary.

When an equation has an infinite number of solutions we cannot list them all. So what does it mean to “find all the solutions?” Usually it just means to find a pretty description of the set of solutions. Such a description is available for the equation $y^2 - 2x^2 = 1$.


Theorem 2.6. Let $u, v$ be positive integers such that $v^2 - 2u^2 = 1$. Then there is an integer $n \geq 1$ such that $(u, v) = (x_n, y_n)$. (In other words, $(u, v) = (2, 3)^n$ for some $n \geq 1$.)


Proof. The proof is by induction on $u$.

Let $u, v$ be positive integers such that $v^2 - 2u^2 = 1$. Clearly $u = 1$ is impossible and $u = 2$ implies that $(u, v) = (2, 3) = (x_1, y_1)$. So suppose that $u > 2$. Let $(u_1, v_1) = (-2, 3) \cdot (u, v) = (3u - 2v, 3v - 4u)$, so that $(u, v) = (2, 3)(u_1, v_1)$ and $v_1^2 - 2u_1^2 = 1$. From $v/u > \sqrt{2}$ it follows that $u_1 < u$ and that $v_1 > 0$. Since $u > 2$, we can compute that $v = \sqrt{2u^2 + 1} = \sqrt{(3u/2)^2 + 1 - (u/2)^2} < 3u/2$, which means that $u_1 > 0$. Hence an inductive hypothesis applies to $(u_1, v_1)$. We conclude that $(u_1, v_1) = (x_n, y_n)$ for some $n \geq 1$, and therefore $(u, v) = (x_{n+1}, y_{n+1})$. ∎


It is easy to bound the error with which $y_n/x_n$ estimates $\sqrt{2}$. We find, for example, that the estimate with $n = 10$ is accurate to 14 decimal places, which is better than that provided by a hand-held calculator.


Proposition 2.7.

i. $$\frac{y_n}{x_n} - \sqrt{2} < \frac{1}{2\sqrt{2}\,x_n^2} < \frac{1}{10^{(3n-1)/2}} \quad \text{for } n \geq 1.$$

ii. Let $x, y$ be positive integers such that $|y/x - \sqrt{2}| < 1/2x^2$. Then $y^2 - 2x^2 = \pm 1$.


Proof. i. Let $x, y > 0$ satisfy $y^2 - 2x^2 = 1$. Then

$$\frac{y}{x} - \sqrt{2} = \frac{1}{x(y + x\sqrt{2})} < \frac{1}{x(x\sqrt{2} + x\sqrt{2})} = \frac{1}{2\sqrt{2}\,x^2}.$$

Also

$$x_n = 3x_{n-1} + 2y_{n-1} > (3 + 2\sqrt{2})x_{n-1} > \cdots > (3 + 2\sqrt{2})^{n-1}x_1 \quad \text{for } n > 1.$$

Therefore,

$$\frac{y_n}{x_n} - \sqrt{2} < \frac{1}{8\sqrt{2}\,(3 + 2\sqrt{2})^{2(n-1)}} < \frac{1}{10^{(3n-1)/2}},$$

where we have made use of the inequality $(3 + 2\sqrt{2})^4 > 10^3$.

ii. Let $x, y$ be positive integers such that $|y/x - \sqrt{2}| < 1/2x^2$. Then $|y - \sqrt{2}x| < 1/2x$ and $|y + \sqrt{2}x| < y + y + 1/2x$. Multiplying the two inequalities yields

$$|y^2 - 2x^2| < \frac{y}{x} + \frac{1}{4x^2} < \sqrt{2} + \frac{1}{2x^2} + \frac{1}{4x^2}.$$

If $x \geq 2$, then $|y^2 - 2x^2|$ is an integer less than 2, which by Theorem 2.1 can only be 1. If $x = 1$, then $y = 1$, which gives $y^2 - 2x^2 = -1$. The proposition is proved. ∎
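The following Python sketch is an added example, not part of the original text. It implements the product (2.2), regenerates the powers $(2,3)^n$ of the table, runs the descent from the proof of Theorem 2.6 to recover $n$ from a solution, and checks the chain $y_n/x_n - \sqrt{2} < 1/(2\sqrt{2}x_n^2) < 10^{-(3n-1)/2}$ of Proposition 2.7i in exact integer arithmetic; the function names are assumptions of this example.

```python
def mul(p, q):
    """Product (2.2) of two integer points (u, v), (U, V) on y^2 - 2x^2 = 1."""
    (u, v), (U, V) = p, q
    return (u * V + v * U, 2 * u * U + v * V)


def powers(count):
    """Return [(x_1, y_1), ..., (x_count, y_count)], where (x_n, y_n) = (2, 3)^n."""
    out = [(2, 3)]
    while len(out) < count:
        out.append(mul((2, 3), out[-1]))
    return out[:count]


def descent(u, v):
    """Recover n with (u, v) = (2, 3)^n, following the proof of Theorem 2.6.

    Each step multiplies by (-2, 3), the inverse of (2, 3) under (2.2); this
    sends (u, v) to (3u - 2v, 3v - 4u), which is again a positive solution
    with a strictly smaller first coordinate, until (2, 3) is reached.
    """
    if u <= 0 or v <= 0 or v * v - 2 * u * u != 1:
        raise ValueError("not a positive solution of y^2 - 2x^2 = 1")
    n = 1
    while (u, v) != (2, 3):
        u, v = mul((-2, 3), (u, v))
        n += 1
    return n


def bound_holds(n, x, y):
    """Exact test of 0 < y/x - sqrt(2) < 1/(2 sqrt(2) x^2) < 10^(-(3n-1)/2).

    Each inequality is cleared of denominators and squared, so only integers
    are compared:
      y/x > sqrt(2)                       <=>  y^2 > 2 x^2
      y/x - sqrt(2) < 1/(2 sqrt(2) x^2)   <=>  8 x^2 y^2 < (4 x^2 + 1)^2
      1/(2 sqrt(2) x^2) < 10^(-(3n-1)/2)  <=>  10^(3n-1) < 8 x^4
    """
    return (y * y > 2 * x * x
            and 8 * x * x * y * y < (4 * x * x + 1) ** 2
            and 10 ** (3 * n - 1) < 8 * x ** 4)


if __name__ == "__main__":
    for n, (x, y) in enumerate(powers(10), start=1):
        print(n, x, y, y / x, descent(x, y) == n, bound_holds(n, x, y))
```

For a solution of $y^2 - 2x^2 = 1$ the two sides of the middle comparison differ by exactly 1, so the bound $1/(2\sqrt{2}x^2)$ cannot be improved by much.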


Exercises 


1. Prove formulas (2.4) and (2.5). Show that $x_n = 6x_{n-1} - x_{n-2}$ and that $y_n = 6y_{n-1} - y_{n-2}$ for $n \geq 3$.


2. Multiply out $(u\sqrt{2} + v)(U\sqrt{2} + V)$ and compare with formula (2.2).


3. Show that the product (2.2) is a commutative group law on the set $\{(x, y) \in \mathbf{Z}^2 \mid y^2 - 2x^2 = 1\}$. Prove that the group is isomorphic to $\{\pm 1\} \times \mathbf{Z}$.


4. (Converse to Proposition 2.7ii.) Let $x, y$ be positive integers such that $|y^2 - 2x^2| = 1$. Prove that $|y/x - \sqrt{2}| < 1/2x^2$.


5. i. Show that rule (2.2) defines a product on the set of pairs of integers $(x, y)$ such that $|y^2 - 2x^2| = 1$.

ii. Let $u, v$ be positive integers such that $|v^2 - 2u^2| = 1$. Prove that $(u, v) = (1, 1)^n$ for some $n \geq 1$.


6. Find all positive integer solutions $x, y$ of the equation $y^2 - 3x^2 = 1$. Discuss the approximation of $\sqrt{3}$ by rational numbers.


3. The Pell Equation 


Definition 3.1. Define the Pell form $f_\Delta$ for a nonzero discriminant $\Delta$ by the equation

$$f_\Delta(x, y) = \begin{cases} x^2 - \dfrac{\Delta}{4}y^2 & \text{if } \Delta \equiv 0 \pmod 4 \\[1ex] x^2 + xy - \dfrac{\Delta - 1}{4}y^2 & \text{if } \Delta \equiv 1 \pmod 4 \end{cases}$$

The Pell equation is the equation $f_\Delta(x, y) = 1$. The negative Pell equation is the equation $f_\Delta(x, y) = -1$. Define $\mathcal{P}ell(\Delta) = \{(x, y) \in \mathbf{Z}^2 \mid f_\Delta(x, y) = 1\}$. Define $\mathcal{P}ell^{\pm}(\Delta) = \{(x, y) \in \mathbf{Z}^2 \mid f_\Delta(x, y) = \pm 1\}$.


Note that $f_\Delta$ is an integral binary form of discriminant $\Delta$.

In this section we will find all solutions $(x, y) \in \mathbf{Z}^2$ of the Pell equation. It turns out that the solution set $\mathcal{P}ell(\Delta)$ can be made into a commutative group in a natural way. (The binary operation is given by (3.14).) We will determine the isomorphism class of the group. As will be seen in this chapter, the Pell equation has an important distinguished role in the theory of binary quadratic forms.

It is easy to see that the two trivial solutions $(1, 0)$ and $(-1, 0)$ are the only solutions $(x, y) \in \mathbf{Z}^2$ of the Pell equation if the discriminant $\Delta$ is the square of an integer or if $\Delta < -4$ (exercise). There are 4 and 6 integral solutions in the cases $\Delta = -4$ and $\Delta = -3$. $\mathcal{P}ell(\Delta)$ is a finite cyclic group in all these cases.

The facts are more interesting for a positive discriminant $\Delta$ that is not the square of an integer. The Pell equation with $\Delta = 8$, which is the equation $x^2 - 2y^2 = 1$ discussed in Section 2, is typical. The solution set is infinite but can be generated, in a sense to be made precise, by a single nontrivial solution. The hardest thing to prove is the existence of a nontrivial solution.

Section 3 is devoted to the Pell equation with positive nonsquare discriminant $\Delta$. We begin by generalizing the theorem that $\sqrt{2}$ is irrational.


Proposition 3.2. Let $D \in \mathbf{Z}$. If $\sqrt{D} \notin \mathbf{Z}$, then $\sqrt{D} \notin \mathbf{Q}$.


Proof. If $\sqrt{D} \in \mathbf{Q}$, then there exist $a, b \in \mathbf{Z}$ with $b > 0$ such that $a^2 = Db^2$. We prove by induction on $b$ that $b \mid a$. This is trivial if $b = 1$. If $b > 1$, let $p$ be a prime divisor of $b$. Clearly $p \mid a^2$ and hence $p \mid a$. Since $(a/p)^2 = D(b/p)^2$, an inductive hypothesis shows that $b/p$ divides $a/p$, whence $b \mid a$. It follows that $D = (a/b)^2$ is the square of the integer $a/b$. ∎


Thus it is the same to say that an integer is not the square of an integer and that it is not the square of a rational number. We will simply say that such an integer is nonsquare.


Theorem 3.3. Let $D \in \mathbf{Z}$ be a positive nonsquare. There exist $(x, y) \in \mathbf{Z}^2$ such that $x^2 - Dy^2 = 1$ and $y \neq 0$.


We need a lemma. 




Lemma 3.4. Let $D \in \mathbf{Z}$ be a positive nonsquare and let $m$ be a positive integer. Then there exist $(x, y) \in \mathbf{Z}^2$ such that $0 < y \leq m$, $|x - y\sqrt{D}| < 1/m$, and $|x^2 - Dy^2| < 2\sqrt{D} + 1$.


Proof. By the pigeon-hole principle. Let $x_i = [i\sqrt{D}]$ for $i = 0, 1, \ldots, m$. Each of the $m + 1$ real numbers $i\sqrt{D} - x_i$ belongs to one of the $m$ open intervals $(k/m, (k + 1)/m)$, $0 \leq k \leq m - 1$. Hence there exist integers $i$ and $j$ such that $0 \leq i < j \leq m$ and $|(i\sqrt{D} - x_i) - (j\sqrt{D} - x_j)| < 1/m$. Taking $x = x_j - x_i$ and $y = j - i$, we get $0 < y \leq m$ and $|x - y\sqrt{D}| < 1/m$. Multiplying the two inequalities $|x - y\sqrt{D}| < 1/m$ and $|x + y\sqrt{D}| = |(x - y\sqrt{D}) + 2y\sqrt{D}| < 1/m + 2m\sqrt{D}$ reveals that $|x^2 - Dy^2| < 1/m^2 + 2\sqrt{D} \leq 2\sqrt{D} + 1$. ∎


Proof of Theorem 3.3. For each positive integer $m$ there is a pair $(x, y) \in \mathbf{Z}^2$ as in Lemma 3.4. Because $\sqrt{D}$ is irrational and $y \neq 0$, one pair $(x, y)$ can satisfy the inequality $|x - y\sqrt{D}| < 1/m$ for only a finite number of $m$. Hence there is an infinite number of distinct pairs $(x, y) \in \mathbf{Z}^2$ such that $|x^2 - Dy^2| < 2\sqrt{D} + 1$.

By the pigeon-hole principle there must exist $k \in \mathbf{Z}$, $0 < |k| < 2\sqrt{D} + 1$, such that $x^2 - Dy^2 = k$ has infinitely many solutions $(x, y) \in \mathbf{Z}^2$. Each such solution belongs to one of only $k^2$ congruence classes mod $k$, so by the pigeon-hole principle we can select a congruence class containing infinitely many of them. Thus there exist $(x_1, y_1), (x_2, y_2) \in \mathbf{Z}^2$ such that (3.5a, b, c) hold:

$$x_1^2 - Dy_1^2 = x_2^2 - Dy_2^2 = k \neq 0, \tag{3.5a}$$
$$x_1 - x_2 \equiv y_1 - y_2 \equiv 0 \pmod k, \tag{3.5b}$$
$$(x_1, y_1) \neq \pm(x_2, y_2). \tag{3.5c}$$

Define $x, y \in \mathbf{Q}$ by the equation

$$x + y\sqrt{D} = \frac{x_1 + y_1\sqrt{D}}{x_2 + y_2\sqrt{D}} = (x_1 + y_1\sqrt{D})\,\frac{x_2 - y_2\sqrt{D}}{k}.$$

We finish the proof of Theorem 3.3 by showing that $(x, y) \in \mathbf{Z}^2$, $x^2 - Dy^2 = 1$, and $y \neq 0$.

Note that $x - y\sqrt{D} = (x_1 - y_1\sqrt{D})/(x_2 - y_2\sqrt{D})$. It follows that

$$x^2 - Dy^2 = (x + y\sqrt{D})(x - y\sqrt{D}) = (x_1^2 - Dy_1^2)/(x_2^2 - Dy_2^2) = 1.$$

To prove that $x$ and $y$ are integers, begin with the expressions $x = (x_1x_2 - Dy_1y_2)/k$ and $y = (x_2y_1 - x_1y_2)/k$. Then calculate, using (3.5a) and (3.5b), that $kx \equiv x_1^2 - Dy_1^2 \equiv 0 \pmod k$ and $ky \equiv x_1y_1 - x_1y_1 = 0 \pmod k$.

Now suppose that $y = 0$. From $x^2 - Dy^2 = 1$ it would follow that $x = \pm 1$, which would contradict the fact (3.5c) that $x + y\sqrt{D} \neq \pm 1$. We conclude that $y \neq 0$. ∎


Corollary 3.6. The Pell equation $f_\Delta(x, y) = 1$ has a solution in positive integers $x$ and $y$ for every positive nonsquare discriminant $\Delta$.


Proof. If $\Delta \equiv 0 \pmod 4$, this is just Theorem 3.3 where $D = \Delta/4$. If $\Delta \equiv 1 \pmod 4$, choose $u, v \in \mathbf{Z}$ with $u$ and $v > 0$ such that $u^2 - \Delta v^2 = 1$. Then $f_\Delta(x, y) = 1$, where $x = u - v$ and $y = 2v$.


The set of integral solutions of the equation $x^2 - Dy^2 = 1$ for a nonsquare positive integer $D$ can be easily analyzed by following closely the model in Section 2 for $D = 2$. All solutions with positive $x$ and $y$ are suitable powers of a minimal “fundamental” such solution, which exists by Theorem 3.3. We prefer, however, to develop this theory in another language, that of rings generated by irrational square roots that generalize the ring of Gaussian integers. Though not essential, this clarifies the mathematics by giving a conceptual basis for the group law on $\mathcal{P}ell^{\pm}(\Delta)$. We proceed to the necessary preliminary formalities.

Define $\sqrt{x}$ for $x \neq 0 \in \mathbf{R}$ in the standard way: If $x > 0$, then $\sqrt{x} > 0$; if $x < 0$, then $\operatorname{Im}\sqrt{x} > 0$, i.e., $\sqrt{x} = i\sqrt{|x|} \in \mathbf{C}$.


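Definition 3.7. For a nonsquare discriminant $\Delta$ let $\mathbf{Q}(\sqrt{\Delta}) = \{x + y\sqrt{\Delta} \mid x, y \in \mathbf{Q}\}$. We define conjugation $\sigma$ and norm $N$ on $\mathbf{Q}(\sqrt{\Delta})$ as follows: For $x, y \in \mathbf{Q}$ and $\alpha = x + y\sqrt{\Delta}$, set $\sigma(\alpha) = x - y\sqrt{\Delta} \in \mathbf{Q}(\sqrt{\Delta})$ and $N(\alpha) = \alpha \cdot \sigma(\alpha) = x^2 - \Delta y^2 \in \mathbf{Q}$.


Note that the definition of the conjugation $\sigma$ depends on the fact (Proposition 3.2) that $\sqrt{\Delta}$ is irrational for nonsquare discriminants $\Delta$. In order to define $\sigma(\alpha)$ for $\alpha \in \mathbf{Q}(\sqrt{\Delta})$ in terms of an expression $\alpha = x + y\sqrt{\Delta}$, where $x, y \in \mathbf{Q}$, we must know that $\alpha$ has a unique such expression.

If $\Delta > 0$, then $\mathbf{Q}(\sqrt{\Delta}) \subset \mathbf{R}$. In all cases $\mathbf{Q}(\sqrt{\Delta}) \subset \mathbf{C}$. If $\Delta < 0$, then $\sigma$ is just complex conjugation.

The elementary properties of $\mathbf{Q}(\sqrt{\Delta})$ that we will need are summarized in the next lemma.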

Lemma 3.8. Let $\Delta$ be a nonsquare discriminant.

i. $\mathbf{Q}(\sqrt{\Delta})$ is a field.

ii. $\sigma: \mathbf{Q}(\sqrt{\Delta}) \to \mathbf{Q}(\sqrt{\Delta})$ is an isomorphism of fields.

iii. $N(\alpha\beta) = N(\alpha)N(\beta)$ for all $\alpha, \beta \in \mathbf{Q}(\sqrt{\Delta})$.

iv. $N(\alpha) = 0$ if and only if $\alpha = 0$, for all $\alpha \in \mathbf{Q}(\sqrt{\Delta})$.


Proof. iv holds because $\Delta$ is not a rational square. $\mathbf{Q}(\sqrt{\Delta})$ is clearly a ring. The calculation $\alpha(\sigma(\alpha)/N(\alpha)) = 1$ for $\alpha \neq 0 \in \mathbf{Q}(\sqrt{\Delta})$ shows that $\alpha$ is invertible and hence that $\mathbf{Q}(\sqrt{\Delta})$ is a field. A quick computation shows that $\sigma$ preserves sums and products. Since $\sigma$ is its own inverse, $\sigma$ is a bijection and is hence a field isomorphism. Multiplicativity of $N$ follows from multiplicativity of $\sigma$:

$$N(\alpha\beta) = \alpha\beta\sigma(\alpha\beta) = \alpha\sigma(\alpha)\beta\sigma(\beta) = N(\alpha)N(\beta).$$ ∎


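The multiplicativity of the norm map, Lemma 3.8iii, generalizes the identity (2.3). To see how, let $\alpha_i = x_i + y_i\sqrt{\Delta}$, where $x_i, y_i \in \mathbf{Q}$. The equation $N(\alpha_1\alpha_2) = N(\alpha_1)N(\alpha_2)$ is the identity

$$(x_1x_2 + \Delta y_1y_2)^2 - \Delta(x_1y_2 + y_1x_2)^2 = (x_1^2 - \Delta y_1^2)(x_2^2 - \Delta y_2^2).$$

The focus for the rest of Section 3 will be on an important subring $\mathcal{O}_\Delta$ of $\mathbf{Q}(\sqrt{\Delta})$.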


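Definition 3.9. The $\Delta$-order $\mathcal{O}_\Delta$ is defined for nonsquare discriminants $\Delta$ to be the ring $\mathcal{O}_\Delta = \{x + y\rho_\Delta \mid x, y \in \mathbf{Z}\}$ where

$$\rho_\Delta = \begin{cases} \sqrt{\Delta/4} & \text{if } \Delta \equiv 0 \pmod 4 \\[1ex] (1 + \sqrt{\Delta})/2 & \text{if } \Delta \equiv 1 \pmod 4 \end{cases}$$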


A trivial check (exercise) shows that $\mathcal{O}_\Delta$ is actually a subring of $\mathbf{Q}(\sqrt{\Delta})$ as claimed. The congruence condition on $\Delta$ enters into the verification that $\mathcal{O}_\Delta$ is closed under multiplication. Note that $\mathcal{O}_{-4}$ is nothing but the ring of Gaussian integers.

It is the norm map that yokes the rings $\mathcal{O}_\Delta$ to the Diophantine equations we are aiming to study. The basic calculation:

$$N(x + y\rho_\Delta) = f_\Delta(x, y) \quad \text{for all } x, y \in \mathbf{Q}. \tag{3.10}$$

Thus solving the Pell equation means finding the elements of $\mathcal{O}_\Delta$ of norm $+1$. Since these elements are in a ring they can be multiplied, which explains the earlier product rule (2.2) for combining solutions of the equation $x^2 - 2y^2 = 1$.


Lemma 3.11. Let $\Delta$ be a nonsquare discriminant and let $\alpha \in \mathcal{O}_\Delta$. Then $\alpha$ is a unit in $\mathcal{O}_\Delta$ if and only if $N(\alpha) = \pm 1$.


Proof. If $\alpha$ is a unit in $\mathcal{O}_\Delta$, then there exists $\beta \in \mathcal{O}_\Delta$ such that $\alpha\beta = 1$. It follows that $N(\alpha)N(\beta) = 1$. Since all elements of $\mathcal{O}_\Delta$ have integral norm, we can conclude that $N(\alpha) = \pm 1$. Conversely, if $N\alpha = \pm 1$ for $\alpha \in \mathcal{O}_\Delta$, then $\alpha^{-1} = \sigma(\alpha)/N(\alpha)$ belongs to $\mathcal{O}_\Delta$ and so $\alpha$ is a unit. ∎

We have discovered, (3.10) and Lemma 3.11, that the problem of solving the positive and negative Pell equations is the same as the problem of determining the group of units of the ring $\mathcal{O}_\Delta$. It is natural to make use of the group structure in describing the set of solutions of the equations. Some notation for the relevant groups of units will facilitate the discussion.


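Notation 3.12. The unit group $\mathcal{O}_\Delta^\times$ is defined for nonsquare discriminants $\Delta$ to be the group of units of the ring $\mathcal{O}_\Delta$.


Define $\mathcal{O}^\times_{\Delta,1} = \{\alpha \in \mathcal{O}_\Delta^\times \mid N(\alpha) = +1\}$, the subgroup of units of norm $+1$. For $\Delta > 0$, define $\mathcal{O}^\times_{\Delta,+} = \{\alpha \in \mathcal{O}_\Delta^\times \mid \alpha > 0\}$, the subgroup of positive units.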


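By (3.10) and Lemma 3.11 there is a bijection $\psi: \mathcal{P}ell^{\pm}(\Delta) \to \mathcal{O}_\Delta^\times$ given by $\psi(x, y) = x + y\rho_\Delta$. Since it is in bijection with a commutative group, $\mathcal{P}ell^{\pm}(\Delta)$ itself is a group for every nonsquare discriminant $\Delta$. We simply use $\psi$ to transport the group law from $\mathcal{O}_\Delta^\times$, so that by definition $a \cdot b = \psi^{-1}(\psi(a)\psi(b))$ for every $a, b \in \mathcal{P}ell^{\pm}(\Delta)$. In other words, the product $(u, v) \cdot (U, V)$ of two elements $(u, v), (U, V) \in \mathcal{P}ell^{\pm}(\Delta)$ is defined by the rule

$$(u, v) \cdot (U, V) = (x, y), \quad \text{where } x + y\rho_\Delta = (u + v\rho_\Delta)(U + V\rho_\Delta). \tag{3.13}$$

It follows by a calculation (exercise) that

$$(u, v) \cdot (U, V) = \begin{cases} \left(uU + \dfrac{\Delta}{4}vV,\; uV + vU\right) & \text{if } \Delta \equiv 0 \pmod 4 \\[1ex] \left(uU + \dfrac{\Delta - 1}{4}vV,\; uV + vU + vV\right) & \text{if } \Delta \equiv 1 \pmod 4 \end{cases} \tag{3.14}$$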


The group structure on $\mathcal{P}ell^{\pm}(\Delta)$ has been defined just so that $\psi: \mathcal{P}ell^{\pm}(\Delta) \to \mathcal{O}_\Delta^\times$ is an isomorphism of groups. Restricting $\psi$ to subgroups gives an isomorphism $\mathcal{P}ell(\Delta) \cong \mathcal{O}^\times_{\Delta,1}$. Solving the Pell equation will mean determining the groups $\mathcal{P}ell(\Delta)$.

There is a construction of $\mathcal{O}_\Delta$ for positive square discriminants $\Delta$ given in the exercises. This leads to a group structure on $\mathcal{P}ell^{\pm}(\Delta)$ with binary operation given by (3.14). Alternatively, it can of course be verified by tedious direct calculation that (3.14) is a group law on $\mathcal{P}ell^{\pm}(\Delta)$ with identity element $(1, 0)$ for all nonzero discriminants $\Delta$. Thus the ring $\mathcal{O}_\Delta$ need not intervene in the development at all.

The explicit determination of the groups $\mathcal{P}ell(\Delta)$ for negative discriminants and for positive square discriminants is relegated to the exercises. For the rest of this section we will deal exclusively with positive nonsquare discriminants $\Delta$.

We can now state and prove the main theorem of Section 3.

Theorem 3.15. $\mathcal{O}^\times_{\Delta,+} \cong \mathbf{Z}$ for every positive nonsquare discriminant $\Delta$.


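Proof. Let $\Delta$ be a nonsquare positive discriminant.

$\mathcal{O}^\times_{\Delta,+}$ is a subgroup of the multiplicative group of positive real numbers. First note that $\mathcal{O}^\times_{\Delta,+}$ contains units greater than 1. Indeed, by Corollary 3.6 there exist positive integers $x$ and $y$ such that $f_\Delta(x, y) = 1$. Then $\alpha = x + y\rho_\Delta \in \mathcal{O}^\times_{\Delta,+}$ and $\alpha > 1$. We prove next that $\mathcal{O}^\times_{\Delta,+}$ contains a minimal element greater than 1.

Let $\alpha \in \mathcal{O}^\times_{\Delta,+}$. Then $\alpha$ is a root of the polynomial $(X - \alpha)(X - \sigma(\alpha)) = X^2 - mX \pm 1$, where $m = \alpha + \sigma(\alpha) \in \mathbf{Z}$. If $\alpha > 1$, then $|m| \leq \alpha + |\sigma(\alpha)| < \alpha + 1$. Let $B > 1$. Every $\alpha \in \mathcal{O}^\times_{\Delta,+}$ such that $1 < \alpha < B$ is a root of one of the polynomials $X^2 - mX \pm 1$ such that $m \in \mathbf{Z}$ and $|m| < B + 1$. Since the roots of a finite number of polynomials are finite in number, we can conclude that $\mathcal{S} = \{\alpha \in \mathcal{O}^\times_{\Delta,+} \mid 1 < \alpha < B\}$ is a finite set. If $B$ is large enough, then $\mathcal{S}$ is nonempty and so must contain a minimal element $\varepsilon$. Then $\varepsilon$ is clearly minimal in $\{\alpha \in \mathcal{O}^\times_{\Delta,+} \mid \alpha > 1\}$.

Now let $\alpha \in \mathcal{O}^\times_{\Delta,+}$. There exists $n \in \mathbf{Z}$ such that $\varepsilon^n \leq \alpha < \varepsilon^{n+1}$. Then $1 \leq \alpha/\varepsilon^n < \varepsilon$. The minimality of $\varepsilon$ among units of $\mathcal{O}_\Delta$ greater than 1 implies that $\alpha/\varepsilon^n = 1$, so $\alpha = \varepsilon^n$. Therefore the homomorphism $\varphi: \mathbf{Z} \to \mathcal{O}^\times_{\Delta,+}$, $\varphi(n) = \varepsilon^n$, is a group isomorphism. ∎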


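Corollary 3.16. Let $\Delta$ be a positive nonsquare discriminant. Let $\varepsilon_\Delta$ be the smallest unit of $\mathcal{O}_\Delta$ that is greater than 1 and let

$$\eta_\Delta = \begin{cases} \varepsilon_\Delta & \text{if } N\varepsilon_\Delta = +1 \\ \varepsilon_\Delta^2 & \text{if } N\varepsilon_\Delta = -1 \end{cases}$$

Then $\mathcal{P}ell^{\pm}(\Delta) \cong \mathcal{O}_\Delta^\times = \{\pm\varepsilon_\Delta^n \mid n \in \mathbf{Z}\} \cong \{\pm 1\} \times \mathbf{Z}$ and $\mathcal{P}ell(\Delta) \cong \mathcal{O}^\times_{\Delta,1} = \{\pm\eta_\Delta^n \mid n \in \mathbf{Z}\} \cong \{\pm 1\} \times \mathbf{Z}$.


Proof. Since $-1 \in \mathcal{O}_\Delta^\times$, every $\alpha \in \mathcal{O}_\Delta^\times$ can be written in the form $\alpha = \operatorname{sign}(\alpha)|\alpha|$, where $|\alpha| \in \mathcal{O}^\times_{\Delta,+}$ and $N(|\alpha|) = N(\alpha)$. ∎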


Definition 3.17. The fundamental unit $\varepsilon_\Delta$ is defined for a positive nonsquare discriminant $\Delta$ to be the smallest unit of $\mathcal{O}_\Delta$ that is greater than 1.


The message of Corollary 3.16 is that all integral solutions of the Pell equation $f_\Delta(x, y) = 1$ for a positive nonsquare discriminant $\Delta$ can be found from knowledge of the fundamental unit $\varepsilon_\Delta$. In the remainder of Section 3 we spell this out for the case of even discriminant $\Delta$, including a crude method to find $\varepsilon_\Delta$.


Theorem 3.18. Let $D$ be a positive nonsquare integer, so that $f_{4D}(x, y) = x^2 - Dy^2$.

i. Let $y$ be the smallest positive integer such that one of $Dy^2 + 1$ or $Dy^2 - 1$ is a square and let $x$ be the positive integer square root. Then $\varepsilon_{4D} = x + y\sqrt{D}$.

ii. Define $(x_n, y_n) \in \mathbf{Z}^2$ by the equation $x_n + y_n\sqrt{D} = \varepsilon_{4D}^n$ for all $n \in \mathbf{Z}$. Then $\mathcal{P}ell^{\pm}(4D) = \{\pm(x_n, y_n) \mid n \in \mathbf{Z}\}$ and $x_n^2 - Dy_n^2 = (N\varepsilon_{4D})^n = (x_1^2 - Dy_1^2)^n$.


Proof. ii. This is just a restatement of Corollary 3.16.

i. Let $\alpha = x + y\sqrt{D}$, where $(x, y) \in \mathcal{P}ell^{\pm}(4D)$. We observe that $\alpha > 1$ if and only if $x > 0$ and $y > 0$. Indeed, if $\alpha > 1$, then $|\sigma(\alpha)| = 1/\alpha < 1$ and so $\alpha > \pm\sigma(\alpha)$. The two inequalities $x + y\sqrt{D} > x - y\sqrt{D}$ and $x + y\sqrt{D} > -x + y\sqrt{D}$ show that $x > 0$ and $y > 0$. The converse is trivial.

Now let $(x_n, y_n)$ be as in Theorem 3.18ii, i.e., $x_n + y_n\sqrt{D} = \varepsilon_{4D}^n$. Since $\varepsilon_{4D} > 1$, we have $x_n > 0$ and $y_n > 0$ for $n > 0$. Thus $y_{n+1} = x_1y_n + y_1x_n > x_1y_n \geq y_n$ for all $n \geq 1$. Hence we have the inequalities $0 < y_1 < y_2 < y_3 < \cdots$. So to find the fundamental unit $\varepsilon_{4D}$, look for the smallest positive integer $y$ for which there is a positive integer $x$ satisfying one of the two equations $x^2 - Dy^2 = \pm 1$; then $\varepsilon_{4D} = x + y\sqrt{D}$. This is what we set out to prove. ∎


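Consider the example $\Delta = 104 = 4 \cdot 26$. Since $26 \cdot 1^2 - 1 = 5^2$, we can write $\varepsilon_{104} = 5 + \sqrt{26}$. Set $x_n + y_n\sqrt{26} = (5 + \sqrt{26})^n$. We have $\mathcal{P}ell^{\pm}(104) = \{\pm(x_n, y_n) \mid n \in \mathbf{Z}\}$, and, since $N\varepsilon_{104} = -1$, $\mathcal{P}ell(\Delta) = \{\pm(x_{2n}, y_{2n}) \mid n \in \mathbf{Z}\}$. It is easy to prove that

$$\begin{pmatrix} x_n \\ y_n \end{pmatrix} = \begin{pmatrix} 5 & 26 \\ 1 & 5 \end{pmatrix}^{n} \begin{pmatrix} 1 \\ 0 \end{pmatrix}.$$

If we want all solutions of $x^2 - 26y^2 = 1$ in positive integers $x$ and $y$, we just take $(x_{2n}, y_{2n})$ for positive integers $n$. We can begin a table of solutions of $x^2 - 26y^2 = 1$:

  n            2          4               6
  (x_n, y_n)   (51, 10)   (5201, 1020)    (530451, 104030)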


It must be observed that the algorithm of Theorem 3.18i to find the fundamental unit $\varepsilon_{4D} = x + y\sqrt{D}$ is horribly slow if $y$ should happen to be very large, as it can be even for quite small $D$. A much faster method to find $\varepsilon_\Delta$ will be presented in Section 9.
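The crude search of Theorem 3.18i and the group law (3.14), written out in Python as an added example (not code from the book; the function names are assumptions). It reproduces the table for $D = 26$, treats both parities of $\Delta$ in the product, and shows with $D = 61$ how far the search may have to run.

```python
from math import isqrt


def pell_form(delta, x, y):
    """The Pell form f_Delta(x, y) of Definition 3.1, in integer arithmetic."""
    if delta % 4 == 0:
        return x * x - (delta // 4) * y * y
    if delta % 4 == 1:
        return x * x + x * y - ((delta - 1) // 4) * y * y
    raise ValueError("a discriminant is congruent to 0 or 1 mod 4")


def pell_mul(delta, p, q):
    """Group law (3.14): the pair (x, y) with x + y*rho = (u + v*rho)(U + V*rho)."""
    (u, v), (U, V) = p, q
    if delta % 4 == 0:
        return (u * U + (delta // 4) * v * V, u * V + v * U)
    return (u * U + ((delta - 1) // 4) * v * V, u * V + v * U + v * V)


def fundamental_unit(D):
    """Theorem 3.18i: least y >= 1 such that D*y^2 + 1 or D*y^2 - 1 is a square.

    Returns (x, y, norm) with epsilon_{4D} = x + y*sqrt(D), norm = x^2 - D*y^2.
    The loop runs y times, which is what makes the method slow.
    """
    if D <= 0 or isqrt(D) ** 2 == D:
        raise ValueError("D must be a positive nonsquare integer")
    y = 1
    while True:
        for norm in (-1, 1):
            x = isqrt(D * y * y + norm)
            if x * x == D * y * y + norm:
                return x, y, norm
        y += 1


def pell_solutions(D, count):
    """First `count` solutions of x^2 - D*y^2 = 1 in positive integers.

    By Corollary 3.16 they are the powers of epsilon_{4D} if its norm is +1
    and the even powers if its norm is -1.
    """
    x, y, norm = fundamental_unit(D)
    eta = (x, y) if norm == 1 else pell_mul(4 * D, (x, y), (x, y))
    sols, cur = [], eta
    for _ in range(count):
        sols.append(cur)
        cur = pell_mul(4 * D, cur, eta)
    return sols


if __name__ == "__main__":
    print(fundamental_unit(26), pell_solutions(26, 3))
    print(fundamental_unit(61))   # the search only stops at y = 3805
```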


Exercises 


1. Let $D \in \mathbf{Z}$ and let $n$ be a positive integer. Prove that if $\sqrt[n]{D} \notin \mathbf{Z}$, then $\sqrt[n]{D} \notin \mathbf{Q}$.

2. Find all integer solutions of $x^2 - Dy^2 = 1$ for $D = 7, 8, 10, 11$, and $23$.

3. Find all integral solutions of the equation $x^2 + 6xy + 7y^2 = 1$.


4. Find the five smallest positive integers $x$ such that $(x + 1)^3 - x^3$ is the square of an integer.


5. i. Let $M \in GL_2(\mathbf{R})$, let $a, b \in \mathbf{R}$, and let

$$\begin{pmatrix} x_n \\ y_n \end{pmatrix} = M^n \begin{pmatrix} a \\ b \end{pmatrix}$$

for $n \in \mathbf{Z}$. Prove that $x_n = \operatorname{tr}(M)x_{n-1} - \det(M)x_{n-2}$ and $y_n = \operatorname{tr}(M)y_{n-1} - \det(M)y_{n-2}$ for all $n \in \mathbf{Z}$.

ii. Let $\Delta$ be a nonsquare positive discriminant and let $\varepsilon_\Delta^n = x_n + y_n\rho_\Delta$ with $x_n, y_n \in \mathbf{Z}$ for all $n \in \mathbf{Z}$. Find $\alpha, \beta \in \mathbf{Z}$ such that $x_n = \alpha x_{n-1} - \beta x_{n-2}$ and $y_n = \alpha y_{n-1} - \beta y_{n-2}$ for all $n$.


6. Prove that $\mathcal{O}_\Delta$ is a ring for nonsquare discriminants $\Delta$. Verify that (3.14) follows from (3.13).


7. Let $D \in \mathbf{Z}$. Prove that $x^2 - Dy^2 = -1$ has no integral solution if i. $D$ has a prime divisor congruent to 3 (mod 4), ii. $D \equiv 3 \pmod 4$, or iii. $D \equiv 0 \pmod 4$.


8. Let $p$ be a prime, $p \equiv 1 \pmod 4$.

i. Let $(u, v) \in \mathbf{Z}^2$ be the solution of the equation $x^2 - py^2 = 1$ with $u > 0$, $v > 0$, and $v$ minimal. Show that $u \equiv 1$, $v \equiv 0 \pmod 2$, and that $(u + 1)/2 \cdot (u - 1)/2 = p(v/2)^2$.

ii. Show that there exist $a, b \in \mathbf{Z}$ such that $(u - 1)/2 = a^2$ and $(u + 1)/2 = pb^2$.

iii. Prove that there exist $x, y \in \mathbf{Z}$ such that $x^2 - py^2 = -1$.

iv. Prove that there exist $x, y \in \mathbf{Z}$ such that $f_p(x, y) = -1$.


9. Let $\Delta$ be a nonzero discriminant. Verify by direct calculation that $f_\Delta((u, v)(U, V)) = f_\Delta(u, v)f_\Delta(U, V)$ for all $(u, v), (U, V) \in \mathbf{Q}^2$, where $(u, v)(U, V)$ is defined by (3.14). Hence show that both $\mathcal{P}ell^{\pm}(\Delta)$ and $\mathcal{P}ell(\Delta)$ are closed under the binary operation given by formula (3.14). Show directly that (3.14) is a group law on $\mathcal{P}ell^{\pm}(\Delta)$.


10. Let $D$ be a positive nonsquare integer. Let $(x, y) \in \mathbf{Z}^2$ be the solution of the equation $x^2 - Dy^2 = 1$ with $x > 0$, $y > 0$, and $y$ minimal. Show by the method of proof of Theorem 2.6 that

$$\{(u, v) \in \mathbf{Z}^2 \mid u^2 - Dv^2 = 1,\ u > 0,\ v > 0\} = \{(x, y)^n \mid n > 0 \in \mathbf{Z}\}.$$


11. Let $A = \mathbf{Q} \times \mathbf{Q}$ be given a ring structure in the usual way: $(x, y) \cdot (X, Y) = (xX, yY)$. Define conjugation $\sigma$ and norm $N$ on $A$ by the formulas $\sigma(x, y) = (y, x) \in A$ and $N(x, y) = xy \in \mathbf{Q}$. Prove that $\sigma: A \to A$ is a ring isomorphism and that $N(\alpha\beta) = N(\alpha)N(\beta)$ for $\alpha, \beta \in A$. Let $m$ be a positive integer and let $\Delta = m^2$. Note that $\Delta$ is a discriminant. Let $\mathcal{O}_\Delta = \{(u, v) \in \mathbf{Z}^2 \mid u \equiv v \pmod m\}$. Prove that $\mathcal{O}_\Delta$ is a subring of $A$ and determine its group of units. Let $\rho_\Delta = (m/2, -m/2)$ if $m$ is even, $\rho_\Delta = ((1 + m)/2, (1 - m)/2)$ if $m$ is odd. Show that $\mathcal{O}_\Delta = \{x(1, 1) + y\rho_\Delta \mid (x, y) \in \mathbf{Z}^2\}$ and that $N(x(1, 1) + y\rho_\Delta) = f_\Delta(x, y)$. Prove that $\psi: \mathcal{P}ell^{\pm}(\Delta) \to \mathcal{O}_\Delta^\times$, $\psi(x, y) = x(1, 1) + y\rho_\Delta$, is a bijection. Show that the group law on $\mathcal{P}ell^{\pm}(\Delta)$ that is induced by $\psi$ is given by (3.14).


12. Let $\Delta$ be a nonzero discriminant. Sometimes the equation $x^2 - \Delta y^2 = 4$ is called the Pell equation. Justify this terminology by proving that there is a bijection $\lambda: \mathcal{P}ell(\Delta) \to \{(x, y) \in \mathbf{Z}^2 \mid x^2 - \Delta y^2 = 4\}$ given by the formula

$$\lambda(u, v) = \begin{cases} (2u, v) & \text{if } \Delta \equiv 0 \pmod 4 \\ (2u + v, v) & \text{if } \Delta \equiv 1 \pmod 4 \end{cases}$$


13. i. Show that $\mathcal{P}ell(\Delta) = \{\pm(1, 0)\}$ if $\Delta$ is a positive square or if $\Delta < -4$.

ii. Show that $\mathcal{P}ell(-4) = \{\pm(1, 0), \pm(0, 1)\}$, a cyclic group of order 4.

iii. Show that $\mathcal{P}ell(-3) = \{\pm(1, 0), \pm(0, 1), \pm(1, -1)\}$, a cyclic group of order 6.


14. Let $\Delta$ be a nonzero discriminant. Show that $\mathcal{O}_{m^2\Delta} \subset \mathcal{O}_\Delta$ and that $\mathcal{O}^\times_{m^2\Delta} \subset \mathcal{O}^\times_\Delta$ for every $m \neq 0 \in \mathbf{Z}$. Show that if $\Delta$ is a positive nonsquare, then $\varepsilon_{m^2\Delta}$ is a positive power of $\varepsilon_\Delta$ for every $m \neq 0 \in \mathbf{Z}$.


15. Let $D$ be a nonsquare positive integer and let $(x_n, y_n) \in \mathbf{Z}^2$ be defined by the equation $\varepsilon_{4D}^n = x_n + y_n\sqrt{D}$ for $n \in \mathbf{Z}$.

i. Prove that $\mathrm{GCD}(x_n, y_n) = 1$.

ii. Show that $\lim_{n \to \infty} x_n/y_n = \sqrt{D}$.

iii. Prove that $|x_n/y_n - \sqrt{D}| < 1/(2\sqrt{D - 1}\,y_n^2)$ for all $n > 0$.


16. Let $\Delta$ be a nonsquare positive odd discriminant.

i. Let $\alpha = x + y\rho_\Delta \in \mathcal{O}_\Delta^\times$, with $(x, y) \in \mathbf{Z}^2$. Show that $\alpha > 1$ if and only if $x \geq 0$ and $y > 0$. ($x > 0$ and $y > 0$ if $\Delta \neq 5$.)

ii. Let $\varepsilon_\Delta^n = x_n + y_n\rho_\Delta$, where $(x_n, y_n) \in \mathbf{Z}^2$, for $n \in \mathbf{Z}$. Prove that $0 \leq x_1 < x_2 \leq x_3 < \cdots$ and $0 < y_1 \leq y_2 < y_3 < \cdots$, where $x_1 = 0$, $x_2 = x_3$, and $y_1 = y_2$ only if $\Delta = 5$.

iii. Find $\varepsilon_\Delta$ for $\Delta = 5, 13, 17, 21, 29, 33$.

iv. Show that $\mathrm{GCD}(x_n, y_n) = 1$, that $\lim_{n \to \infty} x_n/y_n = (\sqrt{\Delta} - 1)/2$, and that $|x_n/y_n - (\sqrt{\Delta} - 1)/2| < 1/(\sqrt{\Delta - 4}\,y_n^2)$ for all $n > 0$.


17. Show that $\varepsilon_5^n = F_{n-1} + F_n\rho_5$ for $n > 0$, where the $F_i$ are the Fibonacci numbers: $F_0 = 0$, $F_1 = 1$, and $F_i = F_{i-1} + F_{i-2}$ for $i \geq 2$.


18. Find an infinite number of integral solutions of the equation $x^2 - 7y^2 = 2$.


19. Let $d$ be an integer that is not a cube, let $\theta = \sqrt[3]{d} \in \mathbf{R}$, and let $g_d(x, y, z) = x^3 + dy^3 + d^2z^3 - 3dxyz$. There is a binary operation on the set $X_d = \{(x, y, z) \in \mathbf{Z}^3 \mid g_d(x, y, z) = 1\}$ given by the rule $(x, y, z)(u, v, w) = (X, Y, Z)$, where $X + Y\theta + Z\theta^2 = (x + y\theta + z\theta^2)(u + v\theta + w\theta^2)$. In this way $X_d$ becomes a commutative group, in fact in natural isomorphism with a subgroup of index 2 of the group of units of the ring $\mathbf{Z}[\theta] = \{x + y\theta + z\theta^2 \mid (x, y, z) \in \mathbf{Z}^3\} \subset \mathbf{R}$. It can be shown that $X_d \cong \mathbf{Z}$. It can be shown that $X_2$ is generated by $(1, 1, 1)$ and that $X_6$ is generated by $(1, -6, 3)$. Calculate the second and third powers of these generators, and thereby find more elements of $X_2$ and $X_6$.

4. $aX^2 + bXY + cY^2 = m$


Let $f(X, Y) = aX^2 + bXY + cY^2$ be an integral binary quadratic form and let $m \in \mathbf{Z}$. We will show that there is a finite algorithm to find all solutions $(x, y) \in \mathbf{Z}^2$ of the equation $f(x, y) = m$. But the algorithm to be presented is dreadfully slow. Another method will be sketched in the exercises for Section 6.

The nature of the problem depends on the discriminant $\Delta$ of $f$.

If $\Delta$ is a square, then it is easy to see (exercise) that $f$ is a product of two linear forms with integer coefficients: $f(x, y) = (\alpha x + \beta y)(\gamma x + \delta y)$ where $\alpha, \beta, \gamma, \delta \in \mathbf{Z}$ and $\Delta = \det\begin{pmatrix} \alpha & \beta \\ \gamma & \delta \end{pmatrix}^2$. Given a factorization $m = pq$, where $p, q \in \mathbf{Z}$, we can solve the system $\alpha X + \beta Y = p$, $\gamma X + \delta Y = q$ for $(X, Y) \in \mathbf{Z}^2$ by the method of Chapter 1, Section 4 (Euclidean algorithm). Doing this for all factorizations of $m$ we will find all integral solutions of the original equation $f(X, Y) = m$. Factoring integers is hard, but it cannot be avoided if $\Delta > 0$, as is shown by the equation $xy = m$. If $\Delta = 0$, then no factoring is required since $f(X, Y) = A(\alpha x + \beta y)^2$, where $A, \alpha, \beta \in \mathbf{Z}$.

If $\Delta < 0$, then completing the square on $f$ leads to bounds on the size of solutions of the equation $f(X, Y) = m$. The expression $f(x, y) = ((ax + (b/2)y)^2 + |\Delta/4|y^2)/a = (|\Delta/4|x^2 + ((b/2)x + cy)^2)/c = m$ implies that $|x| \leq |4cm/\Delta|^{1/2}$ and $|y| \leq |4am/\Delta|^{1/2}$. All integral solutions of the equation $f(X, Y) = m$ belong to the set $\mathcal{B}$ of pairs $(x, y) \in \mathbf{Z}^2$ satisfying these bounds. Since $\mathcal{B}$ is finite, it can be searched for solutions.

If $\Delta$ is a positive nonsquare the problem is more subtle, as for the Pell equation. The set of integral solutions of $f(X, Y) = m$ if nonempty is infinite, so it is natural to try to describe the solution set in terms of some algebraic structure. The main theorem of Section 4 is that the group $\mathcal{P}ell(\Delta)$ acts on the set $\mathcal{S} = \{(x, y) \in \mathbf{Z}^2 \mid f(x, y) = m\}$, that the number of orbits is finite, and that a list containing exactly one element from each orbit in $\mathcal{S}$ can be produced. Such a list amounts to a solution of the equation $f(X, Y) = m$.

For the remainder of Section 4 all discriminants $\Delta$ are supposed nonsquare.

We begin by generalizing the construction of the ring $\mathcal{O}_\Delta$ from the Pell form $f_\Delta$. The process is motivated by the factorization

$$ax^2 + bxy + cy^2 = \left(xa + y\,\frac{b + \sqrt{\Delta}}{2}\right)\left(xa + y\,\frac{b - \sqrt{\Delta}}{2}\right)a^{-1}. \tag{4.1}$$

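Definition 4.2. The module $M_f$ of an integral binary quadratic form $f = ax^2 + bxy + cy^2$ of nonsquare discriminant $\Delta = b^2 - 4ac$ is the $\mathcal{O}_\Delta$ module $M_f = \{xa + y(b + \sqrt{\Delta})/2 \mid x, y \in \mathbf{Z}\} \subset \mathbf{Q}(\sqrt{\Delta}) \subset \mathbf{C}$. Note that $M_{f_\Delta} = \mathcal{O}_\Delta$.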


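It must be checked that $M_f$ is really an $\mathcal{O}_\Delta$ module. The key point is closure of $M_f$ under scalar multiplication by elements of $\mathcal{O}_\Delta$. The necessary calculation is

$$(u + v\rho_\Delta)\left(xa + y\,\frac{b + \sqrt{\Delta}}{2}\right) = x'a + y'\,\frac{b + \sqrt{\Delta}}{2},$$

where

$$(x', y') = \begin{cases} (x, y)\begin{pmatrix} u - \dfrac{b}{2}v & av \\ -cv & u + \dfrac{b}{2}v \end{pmatrix} & \text{if } \Delta \equiv 0 \pmod 4 \\[3ex] (x, y)\begin{pmatrix} u + \dfrac{1 - b}{2}v & av \\ -cv & u + \dfrac{1 + b}{2}v \end{pmatrix} & \text{if } \Delta \equiv 1 \pmod 4 \end{cases} \tag{4.3}$$

If $u, v, x, y \in \mathbf{Z}$ in (4.3), then also $x', y' \in \mathbf{Z}$, because $b \equiv \Delta \pmod 2$.

It is the norm map on $M_f$ that interests us.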


Proposition 4.4. Let $f = ax^2 + bxy + cy^2$ be an integral form of nonsquare discriminant $\Delta$. The formula $\psi(x, y) = xa + y(b + \sqrt{\Delta})/2$ defines a bijection

$$\psi: \{(x, y) \in \mathbf{Z}^2 \mid f(x, y) = m\} \to \{\gamma \in M_f \mid N(\gamma) = am\}.$$


Proof. This is just a fancy way of saying that $N(xa + y(b + \sqrt{\Delta})/2) = af(x, y)$ for all $(x, y) \in \mathbf{Z}^2$, which follows from (4.1). ∎


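Because the norm $N$ is multiplicative, the group $\mathcal{O}^\times_{\Delta,1}$ of units of norm $+1$ in $\mathcal{O}_\Delta$ acts by scalar multiplication on the set $\mathcal{Z} = \{\gamma \in M_f \mid N(\gamma) = am\}$: If $\alpha \in \mathcal{O}^\times_{\Delta,1}$ and $\gamma \in \mathcal{Z}$, then $N(\alpha\gamma) = N(\gamma)$, which shows that $\alpha\gamma \in \mathcal{Z}$. By Proposition 4.4, $\mathcal{O}^\times_{\Delta,1}$ also acts on $\mathcal{S} = \{(x, y) \in \mathbf{Z}^2 \mid f(x, y) = m\}$: By definition $\alpha \cdot (x, y) = \psi^{-1}(\alpha \cdot \psi(x, y))$ for all $\alpha \in \mathcal{O}^\times_{\Delta,1}$ and $(x, y) \in \mathcal{S}$. The action of $\mathcal{O}^\times_{\Delta,1}$ on $\mathcal{S}$ is given explicitly by the formulas (4.3).

The action of $\mathcal{O}^\times_{\Delta,1}$ on the set $\mathcal{S}$ of integral solutions of the equation $f(X, Y) = m$ is most interesting when the discriminant $\Delta$ of $f$ is a positive nonsquare, because then the group $\mathcal{O}^\times_{\Delta,1}$ is infinite. The orbit of each solution will then be infinite, and so the set $\mathcal{S}$ will be either empty or infinite. The principal result of Section 4 is that the number of $\mathcal{O}^\times_{\Delta,1}$ orbits in $\mathcal{S}$ is finite and that a list containing exactly one element in each orbit can be presented. Since $\mathcal{O}^\times_{\Delta,1}$ can be explicitly determined, the set $\mathcal{S}$ is satisfactorily described by the presentation of such a list, called a set of representatives of the orbits.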


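Theorem 4.5. Let $f(x, y) = ax^2 + bxy + cy^2$ be an integral form of nonsquare positive discriminant $\Delta = b^2 - 4ac$ and let $m \neq 0 \in \mathbf{Z}$. Let $\tau = \eta_\Delta$ be the smallest unit of $\mathcal{O}^\times_{\Delta,1}$ that is greater than 1.

i. Every $\mathcal{O}^\times_{\Delta,1}$ orbit of integral solutions of the equation $f(X, Y) = m$ contains a solution $(x, y) \in \mathbf{Z}^2$ such that

$$0 \leq y \leq U = \begin{cases} \left|\dfrac{am\tau}{\Delta}\right|^{1/2}\left(1 - \dfrac{1}{\tau}\right) = \left|\dfrac{am}{\Delta}(\tau + \sigma(\tau) - 2)\right|^{1/2} & \text{if } am > 0 \\[3ex] \left|\dfrac{am\tau}{\Delta}\right|^{1/2}\left(1 + \dfrac{1}{\tau}\right) = \left|\dfrac{am}{\Delta}(\tau + \sigma(\tau) + 2)\right|^{1/2} & \text{if } am < 0 \end{cases}$$

ii. Two distinct solutions $(x_1, y_1) \neq (x_2, y_2) \in \mathbf{Z}^2$ of the equation $f(X, Y) = m$ such that $0 \leq y_i \leq U$ belong to the same $\mathcal{O}^\times_{\Delta,1}$ orbit if and only if $y_1 = y_2 = 0$ or $y_1 = y_2 = U$.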

Corollary 4.6. There is only a finite number of $\mathcal{O}^\times_{\Delta,1}$ orbits of integral solutions of the equation $f(X, Y) = m$. There is an algorithm to list a set of representatives of the orbits.


Proof of Corollary 4.6. By Theorem 4.5i, every $\mathcal{O}^\times_{\Delta,1}$ orbit of integral solutions of the equation $f(X, Y) = m$ contains an element in the finite set $\mathcal{Z} = \{(x, y) \in \mathbf{Z}^2 \mid f(x, y) = m \text{ and } 0 \leq y \leq U\}$. The elements of $\mathcal{Z}$ can be listed and then sorted into orbits using Theorem 4.5ii. ∎


Proof of Theorem 4.5. Let (u,v) € Z? satisfy the equation f(u,v) =m. If 
necessary, replace (u,v) with —(u, v) (which is in the same Of, orbit since 
—1 € OX,) so that L = ua+v(b+VA)/2>0. Let r*L = ax, + 
((b + VA )/2) yy, where (x,, y,) € Z’, for all k € Z. By Corollary 3.16 the 
Ox, orbit of (u, v) is precisely the set (+(x,, y,)|k € Z}. We prove next that 
ly,| < U if and only if |am/r|'/”? < r*L < |amz|'”. 

Note that Lo(L) = am and that o(r*L) = + *o(L) = ax, + 
((b — VA)/2)y,. It follows that VAy, = 7*L — o(r*L) = t*L — am/t*L. So 
we can study y, by studying the continuous function g(t) = ¢ — am/t for 
t>0O€R.If am > 0, then g(t) is monotone increasing. If am < 0, then g(t) 
decreases for t < |am|'/”, increases for t > |am|'/*, and is positive for all 
t > 0. In both cases, |g(t)| = UVA for t =|am/r|!/? and t = |amt|!”. We 
can conclude that |g(t)| < UVA if and only if |am/t|!/? < t < |amz|'””. We 
get what we want by taking ¢ = T“L. 

Now let k be the unique integer such that |am/t|'/? < t*L < |amzt|'”*. 
There are two cases to analyze. We will say that (x, y) € Z? is reduced iff 
f(x, vy) =m and0O<y<U. 


Case I. |am /7\|'/? < c*L. In this case k is the unique integer such that 
|y,| < U, and in fact |y,| < U. If y, # 0, then the unique reduced element of 
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the Ox, orbit of (u,v) is (x, y) = +(x,, y,) with the sign chosen so that 
y > 0. If y, = 0, then there are exactly two reduced elements in the orbit of 
(u,v), namely (x,,0) and (—x,,0). 


Case 2. |am /7|!/? = r*L. In this case |y,| = |y,,,| = U # 0 and |y,| > U for 
1#k,k +1. There are exactly two reduced elements of the OX, orbit of 
(u,v), namely (x, y) = +(x,, yy.) and (Xx, y) = £(Xq415 Yes1) with the 
signs chosen so that y= y’ = U> 0. 


We have proved that every $O_{\Delta,1}^{\times}$ orbit of solutions contains a reduced solution, which is the assertion of Theorem 4.5i. The preceding case analysis shows that if $(x, y)$ and $(x', y')$ are reduced elements in the same $O_{\Delta,1}^{\times}$ orbit of solutions, then $y = y' = 0$ or $y = y' = U$, which is the "only if" half of Theorem 4.5ii.

Finally, suppose that $(x, y)$ and $(\tilde{x}, y)$ are distinct integral solutions of the equation $f(X, Y) = m$. If $y = U$, then the preceding argument applied to $(u, v) = (x, y)$ leads to Case 2 and the existence of a solution $(x', y) \ne (x, y)$ in the orbit of $(x, y)$. Since the equation $f(X, y) = m$ has at most two solutions for $X$, we must have $(x', y) = (\tilde{x}, y)$. If $y = 0$, then $(\tilde{x}, y) = -(x, y)$. In both cases $(x, y)$ and $(\tilde{x}, y)$ belong to the same $O_{\Delta,1}^{\times}$ orbit of solutions. This completes the proof of Theorem 4.5ii. ∎


To find a set of representatives of the $O_{\Delta,1}^{\times}$ orbits of integral solutions of the equation $f(X, Y) = m$ by the method of Theorem 4.5, we must find for each integer $y$ such that $0 \le y \le U$ all integers $x$ such that $f(x, y) = m$. If $f(x, y) = m$, then $\Delta y^2 + 4am = (2ax + by)^2$, so $x = (x' - by)/2a$ or $x = (-x' - by)/2a$, where $x' = \sqrt{\Delta y^2 + 4am}$. A necessary but not sufficient condition for $x$ to be integral is that $\Delta y^2 + 4am$ be a square.

As an example, we find the set $\mathcal{S}$ of all integral solutions of the equation $17X^2 + 32XY + 14Y^2 = 9$. We have $\Delta = 72$, $\tau_\Delta = \varepsilon_\Delta = 17 + 4\sqrt{18}$, and $U = |(17 \cdot 9)/72 \cdot 32|^{1/2} = 8.246$. In the range $0 \le y \le 8$, $\Delta y^2 + 4am = 6^2(2y^2 + 17)$ is a square only for $y = 2$ and $4$. We find that there are exactly two $O_{\Delta,1}^{\times}$ orbits of solutions and that $\{(-1, 2), (-5, 4)\}$ is a set of representatives. The full set of integral solutions is thus $\{\pm\tau^k(-1, 2), \pm\tau^k(-5, 4) \mid k \in \mathbf{Z}\}$. The calculation (4.3) shows that $\tau \cdot (x, y) = (x', y')$, where $(x', y') =$


(x, v)( a |. The final description of Y is as explicit as could be desired: 


= = k = k 9 fred “ 
P= (+(-1,2)T*, £(-5,4) Tk © Z}, where T oe a 
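The search over $0 \le y \le U$ described above (test whether $\Delta y^2 + 4am$ is a square, then whether either candidate $x$ is integral), written out in Python as an added example; it is not code from the book. The function name `reduced_solutions` is chosen here, and the bound $U$ of Theorem 4.5 is assumed to be supplied by the caller (8.246 in the book's example).

```python
from math import isqrt, floor


def reduced_solutions(a, b, c, m, U):
    """Return every integer pair (x, y) with f(x, y) = m and 0 <= y <= U,
    where f = a*X^2 + b*X*Y + c*Y^2 has positive nonsquare discriminant.

    U is the bound of Theorem 4.5; this example assumes the caller has
    already computed it.
    """
    disc = b * b - 4 * a * c
    if disc <= 0 or isqrt(disc) ** 2 == disc:
        raise ValueError("discriminant must be a positive nonsquare")
    # a != 0 follows from the discriminant being a nonsquare.
    found = []
    for y in range(0, floor(U) + 1):
        n = disc * y * y + 4 * a * m        # must equal (2ax + by)^2
        if n < 0:
            continue
        root = isqrt(n)
        if root * root != n:
            continue                         # the necessary condition fails
        # Candidates x = (x' - by)/2a and x = (-x' - by)/2a.
        for xp in {root, -root}:             # a set: one candidate when x' = 0
            num = xp - b * y
            if num % (2 * a) == 0:           # squareness is not sufficient
                x = num // (2 * a)
                assert a * x * x + b * x * y + c * y * y == m
                found.append((x, y))
    return sorted(found, key=lambda p: (p[1], p[0]))


# The book's example: 17X^2 + 32XY + 14Y^2 = 9 with U = 8.246.
EXAMPLE = reduced_solutions(17, 32, 14, 9, 8.246)

if __name__ == "__main__":
    print(EXAMPLE)
```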


Exercises 


1. Let $f$ be a primitive integral binary quadratic form of nonsquare discriminant $\Delta$. Prove that $O_\Delta = \{\alpha \in \mathbf{Q}(\sqrt{\Delta}) \mid \alpha M_f \subset M_f\}$.

2. Verify the calculation (4.3).

3. Let $D > 0$ be a nonsquare integer and let $m \ne 0 \in \mathbf{Z}$. Let $(x, y), (x', y') \in \mathbf{Z}^2$ be two solutions of the equation $X^2 - DY^2 = m$ such that $x \equiv x'$ and $y \equiv y' \pmod{m}$. Show that $(x, y)$ and $(x', y')$ are in the same $O_{4D,1}^{\times}$ orbit of solutions of $X^2 - DY^2 = m$. Deduce that there is only a finite number of such orbits.

4. Find all integral solutions of the equations $X^2 + 4XY - Y^2 = m$ with $-5 < m < 10$.

5. Find all integral solutions of the equations $X^2 - 3Y^2 = 13$, $X^2 - 3Y^2 = 600$, $X^2 - 82Y^2 = 2$, and $X^2 + 3XY - 5Y^2 = 65$.

6. Let $f(X, Y) = aX^2 + bXY + cY^2$ be an integral form of discriminant $\Delta = m^2$ with $m \in \mathbf{Z}$. Prove that $f$ is the product of two linear polynomials with integer coefficients. If $a \ne 0$, show that $f(X, Y) = \mathrm{sign}(a) \cdot \mathrm{GCD}(a, b, c)\,((a/\alpha)X + ((b + m)/2\alpha)Y)\,((a/\beta)X + ((b - m)/2\beta)Y)$, where $\alpha = \mathrm{GCD}(a, (b + m)/2)$ and $\beta = \mathrm{GCD}(a, (b - m)/2)$.

7. Find all integral solutions of the equation $2X^2 - XY - 3Y^2 = 8$.

8. Let $a, b, c \in \mathbf{Z}$. Show that there exists $(x, y) \ne (0, 0) \in \mathbf{Z}^2$ such that $ax^2 + bxy + cy^2 = 0$ if and only if $\Delta = b^2 - 4ac$ is a square.

9. Let $f$ be an integral form of discriminant $\Delta$. Prove that there exists $m \ne 0 \in \mathbf{Z}$ such that $f(X, Y) = m$ has an infinite number of integral solutions if and only if $\Delta = 0$ or $\Delta$ is a positive nonsquare.


10. Let $f$ be an integral binary quadratic form of nonsquare discriminant $\Delta > 0$ and suppose that $N(\varepsilon_\Delta) = -1$. Let $m > 0 \in \mathbf{Z}$.

i. Show that $O_\Delta^{\times}$ acts on the set $W = \{(x, y) \in \mathbf{Z}^2 \mid |f(x, y)| = m\}$. State and prove a variant of Theorem 4.5 that gives a set of representatives for the $O_\Delta^{\times}$ orbits in $W$. (Use $\varepsilon_\Delta$ in place of $\tau_\Delta$.)

ii. Let $\{(x_1, y_1), \ldots, (x_N, y_N)\}$ be a set of representatives of the $O_\Delta^{\times}$ orbits in $W$, where

$$f(x_i, y_i) = \begin{cases} m & \text{for } 1 \le i \le r, \\ -m & \text{for } r + 1 \le i \le N. \end{cases}$$

Show that $\{(x_i, y_i) \mid 1 \le i \le r\} \cup \{\varepsilon_\Delta \cdot (x_i, y_i) \mid r + 1 \le i \le N\}$ is a set of representatives for the $O_{\Delta,1}^{\times}$ orbits of integral solutions of the equation $f(X, Y) = m$.

iii. Explain why the integral solutions of the equation $f(X, Y) = m$ can be found more efficiently by an algorithm based on i and ii than by the algorithm of the text that is based directly on Theorem 4.5.

11. Let $D \in \mathbf{Z}$ be a positive nonsquare, let $m \ne 0 \in \mathbf{Z}$, and let $\mathcal{S} = \{(x, y) \in \mathbf{Z}^2 \mid x^2 - Dy^2 = m\}$. Let $\mathcal{S}^*$ be the set of proper integral solutions of the equation $X^2 - DY^2 = m$, by definition $\mathcal{S}^* = \{(x, y) \in \mathcal{S} \mid \mathrm{GCD}(x, y) = 1\}$.

i. Show that if $(x, y)$ and $(x', y') \in \mathcal{S}$ are in the same $O_{4D,1}^{\times}$ orbit, then $\mathrm{GCD}(x, y) = \mathrm{GCD}(x', y')$. Thus $O_{4D,1}^{\times}$ acts on $\mathcal{S}^*$.

ii. Show that there is a function $\psi: \mathcal{S}^* \to \mathbf{Z}/m$ defined by the equation $\psi(x, y)\,y \equiv x \pmod{m}$. Prove that $\psi(x, y)^2 \equiv D \pmod{m}$ for all $(x, y) \in \mathcal{S}^*$. Prove that $\psi(x, y) = \psi(x', y') \in \mathbf{Z}/m$ for $(x, y), (x', y') \in \mathcal{S}^*$ if and only if $(x, y)$ and $(x', y')$ belong to the same $O_{4D,1}^{\times}$ orbit.


12. Let $D$ be a positive nonsquare integer. For $\ell, m \in \mathbf{Z}$ such that $m \ne 0$ and $\ell^2 \equiv D \pmod{m}$, let $X_{\ell,m} = \{(x, y) \in \mathbf{Z}^2 \mid x^2 - Dy^2 = m,\ \mathrm{GCD}(x, y) = 1, \text{ and } \ell y \equiv x \pmod{m}\}$. This exercise shows how to reduce the computation of $X_{\ell,m}$ to the case $|\ell| \le |m/2|$ and $|m| < \sqrt{D}$.

i. Show that $X_{\ell,m} = X_{\ell',m}$ if $\ell \equiv \ell' \pmod{m}$.

ii. Let $\ell, m, m'$ be such that $\ell^2 = D + mm'$. Prove that there is a bijection $\phi: X_{\ell,m} \to X_{\ell,m'}$ given by the rule $\phi(x, y) = (x', y')$, where $(x + y\sqrt{D})(x' + y'\sqrt{D}) = \ell + \sqrt{D}$. Show that if $|\ell| \le |m/2|$ and $|m| > \sqrt{D}$, then $|m'| < |m|$.

iii. Using i and ii, find all integral solutions of the equations $X^2 - 17Y^2 = 757$, $X^2 - 17Y^2 = 16883$ and $X^2 - 15Y^2 = 61$. (Note. 757 is prime, $120^2 \equiv 17 \pmod{757}$. 16883 is prime, $130^2 \equiv 17 \pmod{16883}$.)


13. Write and test a computer program to perform as follows:
Input: An integral binary quadratic form $f$ and an integer $m$.
Output: An explicit description of the set $\{(x, y) \in \mathbf{Z}^2 \mid f(x, y) = m\}$.

14. Let $(a, b) \ne (0, 0) \in \mathbf{Z}^2$ and let $m \in \mathbf{Z}$. Show that the group $\{(x, y) \in \mathbf{Z}^2 \mid ax + by = 0\}$, which is isomorphic to $\mathbf{Z}$, acts on the set $\{(x, y) \in \mathbf{Z}^2 \mid ax + by = m\}$ and that the number of orbits is 0 or 1.


5. Automorphisms 


The real significance of the Pell equation is that its integral solutions give 
automorphisms of quadratic forms. It is the main aim of Section 5 to explain 
how. 


Definition 5.1. A matrix $\gamma \in GL_2(\mathbf{Z})$ is said to be an automorphism of an integral binary form $f = ax^2 + bxy + cy^2$ iff $\gamma f = f$ or equivalently, iff

$$\gamma \begin{pmatrix} a & b/2 \\ b/2 & c \end{pmatrix} {}^t\gamma = \begin{pmatrix} a & b/2 \\ b/2 & c \end{pmatrix}.$$

We say that $\gamma$ is proper iff $\det(\gamma) = +1$ and that $\gamma$ is improper iff $\det(\gamma) = -1$.

Let $\mathrm{Aut}(f)$ be the group of automorphisms of $f$.

Let $\mathrm{Aut}^{+}(f)$ be the group of proper automorphisms of $f$.


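Definition 5.2. Let $f = ax^2 + bxy + cy^2$ be an integral form of discriminant $\Delta \ne 0$. Define $\alpha_f(u, v) \in GL_2(\mathbf{Z})$ for $(u, v) \in \mathrm{Pell}^{\pm}(\Delta)$ by the formula

$$\alpha_f(u, v) = \begin{cases} \begin{pmatrix} u - \frac{b}{2}v & av \\ -cv & u + \frac{b}{2}v \end{pmatrix} & \text{if } \Delta \equiv 0 \pmod 4, \\[2ex] \begin{pmatrix} u + \frac{1 - b}{2}v & av \\ -cv & u + \frac{1 + b}{2}v \end{pmatrix} & \text{if } \Delta \equiv 1 \pmod 4. \end{cases}$$

Note that $\alpha_f(u, v)$ has integer entries because $b \equiv \Delta \pmod 2$. A calculation shows that $\det(\alpha_f(u, v)) = f_\Delta(u, v)$. It is straightforward but tedious to check that $\alpha_f: \mathrm{Pell}^{\pm}(\Delta) \to GL_2(\mathbf{Z})$ is a group homomorphism. The definition of $\alpha_f$ should be compared with (4.3).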


Theorem 5.3. Let $f$ be an integral binary quadratic form of discriminant $\Delta \ne 0$.

i. $\alpha_f(u, v) \in \mathrm{Aut}^{+}(f)$ for all $(u, v) \in \mathrm{Pell}(\Delta)$.
ii. If $f$ is a primitive form, then $\alpha_f: \mathrm{Pell}(\Delta) \to \mathrm{Aut}^{+}(f)$ is a group isomorphism.


Proof. i. Straightforward calculation.
ii. Since $\alpha_f: \mathrm{Pell}(\Delta) \to \mathrm{Aut}^{+}(f)$ is a homomorphism that is clearly injective, we must simply show that if $f$ is primitive, then $\alpha_f$ is surjective. Let $f = ax^2 + bxy + cy^2$ be a primitive form of discriminant $\Delta \ne 0$ and let $\gamma = \begin{pmatrix} r & s \\ t & p \end{pmatrix} \in \mathrm{Aut}^{+}(f)$. The equality

$$\gamma \begin{pmatrix} a & b/2 \\ b/2 & c \end{pmatrix} = \begin{pmatrix} a & b/2 \\ b/2 & c \end{pmatrix} {}^t\gamma^{-1}$$

yields the three equations

$$a(p - r) = bs, \tag{5.4a}$$
$$cs = -at, \tag{5.4b}$$
$$c(r - p) = bt. \tag{5.4c}$$

Suppose that $a \ne 0$. Then $a \mid bs$ and $a \mid cs$ by (5.4a) and (5.4b), and of course $a \mid as$. Since $\mathrm{GCD}(a, b, c) = 1$ because $f$ is primitive, we can conclude that $a \mid s$. Thus there exists $v \in \mathbf{Z}$ such that $s = av$. It follows from (5.4b) that $t = -cv$. If $\Delta$ is even, let $u = r + (b/2)v$; if $\Delta$ is odd let $u = r - ((1 - b)/2)v$. In both cases $u \in \mathbf{Z}$. From (5.4a) we see that $p = r + bv$, whence $p = u + (b/2)v$ if $\Delta$ is even and $p = u + ((1 + b)/2)v$ if $\Delta$ is odd. The equation $1 = \det(\gamma) = f_\Delta(u, v)$ shows that $(u, v) \in \mathrm{Pell}(\Delta)$. Thus $\gamma = \alpha_f(u, v)$.

If $a = 0$, then (easy exercise) $\gamma = \pm\begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix} = \alpha_f(\pm(1, 0))$. ∎


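Corollary 5.5. Let $f$ be a primitive integral binary quadratic form of discriminant $\Delta \ne 0$. Then

$$\mathrm{Aut}^{+}(f) \cong \begin{cases} \mathbf{Z}/2\mathbf{Z} & \text{if } \Delta \text{ is a positive square or } \Delta < -4, \\ \mathbf{Z}/4\mathbf{Z} & \text{if } \Delta = -4, \\ \mathbf{Z}/6\mathbf{Z} & \text{if } \Delta = -3, \\ \mathbf{Z}/2\mathbf{Z} \oplus \mathbf{Z} & \text{if } \Delta \text{ is a positive nonsquare.} \end{cases}$$

Proof. Theorem 5.3ii, Corollary 3.16, and Exercise 3.13. ∎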


Theorem 5.3ii suggests the possibility of deriving the theory of the Pell equation from a study of automorphisms of quadratic forms. This possibility will be realized in Section 9. In particular, the existence of nontrivial solutions of the Pell equation in the case of positive nonsquare discriminant $\Delta$ will follow from the existence of nontrivial proper automorphisms of the Pell form $f_\Delta$.


Improper automorphisms are also of interest. 


Theorem 5.6. Let $f$ be an integral binary quadratic form of nonzero discriminant and let $\gamma$ be an improper automorphism of $f$. Then $\gamma^2 = I$ and $\gamma\beta\gamma = \beta^{-1}$ for every $\beta \in \mathrm{Aut}^{+}(f)$.


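Proof. We prove first that $\gamma^2 = I$ for every improper automorphism $\gamma$ of $f$. By the Cayley-Hamilton Theorem, $\gamma$ satisfies its characteristic equation, which is $Z^2 - \mathrm{tr}(\gamma)Z + \det(\gamma)I = 0$. Since $\det(\gamma) = -1$, it will suffice to prove that $\mathrm{tr}(\gamma) = 0$.

Suppose more generally that $\gamma = \begin{pmatrix} r & s \\ t & p \end{pmatrix} \in GL_2(\mathbf{C})$, that $\det(\gamma) = -1$, and that

$$\gamma \begin{pmatrix} a & b/2 \\ b/2 & c \end{pmatrix} {}^t\gamma = \begin{pmatrix} a & b/2 \\ b/2 & c \end{pmatrix}$$

for some $a, b, c \in \mathbf{C}$ with $a, b, c$ not all zero. The $2 \times 2$ matrix equation

$$\gamma \begin{pmatrix} a & b/2 \\ b/2 & c \end{pmatrix} = \begin{pmatrix} a & b/2 \\ b/2 & c \end{pmatrix} {}^t\gamma^{-1}$$

gives four scalar equations: $a(r + p) = c(r + p) = 0$ and $br = at - cs = -bp$. It follows that $r + p = \mathrm{tr}(\gamma) = 0$.

Now let $f$ be an integral form of nonzero discriminant, let $\gamma$ be an improper automorphism of $f$, and let $\beta \in \mathrm{Aut}^{+}(f)$. Then $\gamma\beta$ is an improper automorphism of $f$, whence $(\gamma\beta)(\gamma\beta) = I$. It follows that $\gamma\beta\gamma = \beta^{-1}$. ∎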


Exercises 


1. Prove that $\alpha_f$ is a homomorphism. Try to do this without computations beyond that of (4.3).

2. Prove Theorem 5.3i. Complete the case $a = 0$ of the proof of Theorem 5.3ii.

3. Determine $\mathrm{Aut}^{+}(2X^2 + 6XY + Y^2)$.

4. Let $f = ax^2 + bxy + cy^2$ be an integral form of discriminant $\Delta \ne 0$.

i. Let $\mathrm{Aut}^{\pm}(f) = \{\gamma \in GL_2(\mathbf{Z}) \mid \gamma f = \det(\gamma) f\}$. Show that $\mathrm{Aut}^{\pm}(f)$ is a group, that $\alpha_f(u, v) \in \mathrm{Aut}^{\pm}(f)$ for all $(u, v) \in \mathrm{Pell}^{\pm}(\Delta)$, and that if $f$ is primitive, then $\alpha_f: \mathrm{Pell}^{\pm}(\Delta) \to \mathrm{Aut}^{\pm}(f)$ is a group isomorphism.

ii. Suppose that $f$ is primitive. Prove that the following two assertions are equivalent. (a) $f$ and $-ax^2 + bxy - cy^2$ are properly equivalent. (b) The negative Pell equation $f_\Delta(u, v) = -1$ has an integral solution $(u, v) \in \mathbf{Z}^2$.

5. Let $f$ be an integral form of discriminant $\Delta \ne 0$, and let $\gamma \in SL_2(\mathbf{Z})$. Show that $\alpha_{\gamma f}(u, v) = \gamma \cdot \alpha_f(u, v) \cdot \gamma^{-1}$ for all $(u, v) \in \mathrm{Pell}^{\pm}(\Delta)$.


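6. Let $x, y, A, B, k \in \mathbf{Z}$, where $\mathrm{GCD}(x, y) = 1$ and $k \ne 0$. Prove that there exists $\ell \in \mathbf{Z}$ such that $\ell x \equiv A \pmod{k}$ and $\ell y \equiv B \pmod{k}$ if and only if $Ay \equiv Bx \pmod{k}$. Prove moreover that if such $\ell$ exists, then $\ell$ is uniquely defined mod $k$ (i.e., prove that the two congruences have a unique solution $\ell \in \mathbf{Z}/k$).

7. Let $f(X, Y) = aX^2 + bXY + cY^2$ be an integral form of discriminant $\Delta \ne 0$ and let $m \ne 0 \in \mathbf{Z}$. Let $\mathcal{P} = \mathcal{P}_{f,m} = \{(x, y) \in \mathbf{Z}^2 \mid f(x, y) = m \text{ and } \mathrm{GCD}(x, y) = 1\}$, by definition the set of proper solutions of the equation $f(X, Y) = m$.

i. Show that there is a well-defined map $\lambda = \lambda_{f,m}: \mathcal{P} \to \mathbf{Z}/2m$ given by the rule $\lambda(x, y) = \ell$, where $\ell x \equiv bx + 2cy \pmod{2m}$ and $\ell y \equiv -(2ax + by) \pmod{2m}$. (See Exercise 6.)

ii. Let $(x, y) \in \mathcal{P}$ and let $\gamma = \begin{pmatrix} x & y \\ * & * \end{pmatrix} \in SL_2(\mathbf{Z})$. Show that $\lambda(x, y) = B$, where $\gamma f = mX^2 + BXY + CY^2$. Conclude that $\lambda^2 \equiv \Delta \pmod{4m}$.

iii. Let $(x, y) \in \mathcal{P}$ and let $\tau \in \mathrm{Aut}^{+}(f)$. Prove that $(x, y)\tau \in \mathcal{P}$ and that $\lambda((x, y)\tau) = \lambda(x, y)$. Thus the group $\mathrm{Aut}^{+}(f)$ acts on the right of $\mathcal{P}$ and $\lambda$ is constant on the orbits. (Suggestion: Use ii.)

iv. Let $(x, y), (x', y') \in \mathcal{P}$, and suppose that $\lambda(x, y) = \lambda(x', y')$. Prove that there exists $\tau \in \mathrm{Aut}^{+}(f)$ such that $(x', y') = (x, y)\tau$. (Suggestion: Show that there exist $\gamma = \begin{pmatrix} x & y \\ * & * \end{pmatrix}$ and $\gamma' = \begin{pmatrix} x' & y' \\ * & * \end{pmatrix} \in SL_2(\mathbf{Z})$ such that $\gamma f = \gamma' f$. Take $\tau = \gamma^{-1}\gamma'$.)

v. Let $\ell \in \mathbf{Z}$ be such that $\ell^2 \equiv \Delta \pmod{4m}$. Let $g = mX^2 + \ell XY + ((\ell^2 - \Delta)/4m)Y^2$. Prove that there exists $(x, y) \in \mathcal{P}$ such that $\lambda(x, y) = \ell$ if and only if $f$ is properly equivalent to $g$. Suppose that $g = \gamma f$ where $\gamma = \begin{pmatrix} r & s \\ * & * \end{pmatrix} \in SL_2(\mathbf{Z})$. Show that $(r, s) \in \mathcal{P}$ and that $\lambda(r, s) = \ell$.

vi. Suppose that $f$ is a primitive form. Show that two proper solutions $(x, y)$ and $(x', y') \in \mathcal{P}$ belong to the same $O_{\Delta,1}^{\times}$ orbit if and only if $\lambda(x, y) = \lambda(x', y')$. Thus the $O_{\Delta,1}^{\times}$ orbits in $\mathcal{P}$ are determined by congruence conditions.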


6. Reduction of Indefinite Forms 


Fix for this section a positive nonsquare discriminant $\Delta$.

The problems posed in this section are practical ones. We want a finite procedure that will determine the set of proper equivalence classes of integral binary quadratic forms of discriminant $\Delta$ and we want a method to determine whether any two given integral forms of discriminant $\Delta$ are properly equivalent.

All forms considered in this section will be integral of discriminant $\Delta$. We will write $f = [a, b, c]$ to indicate the integral form $f = aX^2 + bXY + cY^2$ of discriminant $\Delta$. Since $\Delta$ is not a square in this section, we will always have $ac \ne 0$.

Definition 6.1. The right neighbor $Rf$ of an integral form $f = [a, b, c]$ of positive nonsquare discriminant $\Delta$ is the form $[a', b', c']$ determined by the three conditions
i. $a' = c$.
ii. $b + b' \equiv 0 \pmod{2a'}$ and $\sqrt{\Delta} - |2a'| < b' < \sqrt{\Delta}$.
iii. $b'^2 - 4a'c' = \Delta$.


Note that 


Rla, b,c] = (5 ile, -5. a] = (5 4 9 label, 


where $b + b' = 2c\delta$. Thus $f$ is properly equivalent to its right neighbor $Rf$.

We construct a sequence $(f_n)$ of forms $f_n$ all properly equivalent to $f$ by taking neighbors of neighbors. For $n \ge 0$ let $f_n = R^n f$ (i.e., $f_0 = f$ and $f_n = Rf_{n-1}$ for $n \ge 1$).

Definition 6.2. An integral form $f = [a, b, c]$ of positive nonsquare discriminant $\Delta$ is said to be reduced iff $0 < b < \sqrt{\Delta}$ and $\sqrt{\Delta} - b < |2a| < \sqrt{\Delta} + b$.

Observe that there are only finitely many reduced forms of discriminant $\Delta$. This is because the coefficients $a$ and $b$ of a reduced form $[a, b, c]$ of discriminant $\Delta$ lie within bounded intervals and $c$ is determined by $a$, $b$, and $\Delta$.


The basic facts of Gauss’s reduction theory are as follows. 


Theorem 6.3. Let $\Delta$ be a positive nonsquare discriminant.

i. Let $f$ be an integral form of discriminant $\Delta$. There is an integer $m > 0$ such that $f_m = [a, b, c]$ is a reduced form with $|a| < \frac{1}{2}\sqrt{\Delta}$. Hence every integral form of discriminant $\Delta$ is properly equivalent to a reduced form.

ii. Let $f$ be an integral form of discriminant $\Delta$. Then the sequence $f_0, f_1, f_2, \ldots$ contains only a finite number of distinct forms $f_n$.

iii. Two integral forms $f$ and $g$ of discriminant $\Delta$ are properly equivalent if and only if there exist nonnegative integers $M$ and $N$ such that $f_M = g_N$.


Corollary 6.4. There is only a finite number of proper equivalence classes of integral forms of discriminant $\Delta$.

Proof of Corollary 6.4. By Theorem 6.3i each proper equivalence class of integral forms of discriminant $\Delta$ must contain at least one reduced form. We have already remarked that there are only finitely many such reduced forms. ∎

Theorem 6.3 reduces the test for proper equivalence of two forms $f$ and $g$ to a finite sequence of tests for equality of $f_m$ and $g_n$. One can compute the two sequences $f_0, f_1, \ldots$ and $g_0, g_1, \ldots$ until they repeat an element, which they both will eventually do by Theorem 6.3ii. By Theorem 6.3iii, the two resulting finite sequences will have an element in common if and only if $f$ and $g$ are properly equivalent.

For example, the forms $2X^2 + 8XY + 3Y^2$ and $X^2 - 10Y^2$ of discriminant $\Delta = 40$ are shown to be not properly equivalent by calculation of the following two sequences of right neighbors:

i. [2, 8, 3], [3, 4, −2], [−2, 4, 3], [3, 2, −3], [−3, 4, 2], [2, 4, −3], [−3, 2, 3], [3, 4, −2].

ii. [1, 0, −10], [−10, 0, 1], [1, 6, −1], [−1, 6, 1], [1, 6, −1].

We can use the procedure just described to partition the finite set of reduced forms of discriminant $\Delta$ into proper equivalence classes. By Theorem 6.3i we will find in this way all proper equivalence classes of integral forms of discriminant $\Delta$.
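The right-neighbor map $R$ of Definition 6.1, the reduced test of Definition 6.2, the equivalence test of Theorem 6.3 and the partition of the reduced forms into classes, as an added Python example (not code from the book). Forms are triples `(a, b, c)` and all function names are chosen here; the example goes slightly beyond the $\Delta = 40$ computation above by also enumerating the reduced forms of a given discriminant.

```python
from math import isqrt


def discriminant(f):
    a, b, c = f
    return b * b - 4 * a * c


def check_disc(D):
    if D <= 0 or isqrt(D) ** 2 == D:
        raise ValueError("discriminant must be a positive nonsquare")
    return isqrt(D)            # floor(sqrt(D)); sqrt(D) itself is irrational


def right_neighbor(f):
    """R[a, b, c] = [a', b', c'] as in Definition 6.1."""
    a, b, c = f
    D = discriminant(f)
    s = check_disc(D)
    n = 2 * abs(c)             # |2a'| with a' = c
    # The unique integer b' = -b (mod 2a') in (sqrt(D) - |2a'|, sqrt(D)),
    # i.e. in the integer window [s - n + 1, s].
    b2 = s - ((s + b) % n)
    c2, rem = divmod(b2 * b2 - D, 4 * c)
    assert rem == 0
    return (c, b2, c2)


def is_reduced(f):
    """Definition 6.2, tested with integers only."""
    a, b, _ = f
    s = check_disc(discriminant(f))
    return 0 < b <= s and s - b + 1 <= abs(2 * a) <= s + b


def neighbor_sequence(f):
    """f_0, f_1, ... up to and including the first repeated form."""
    seq, seen = [f], {f}
    while True:
        f = right_neighbor(f)
        seq.append(f)
        if f in seen:
            return seq
        seen.add(f)


def properly_equivalent(f, g):
    """Theorem 6.3iii: equivalent iff the two sequences share a form."""
    if discriminant(f) != discriminant(g):
        return False
    return bool(set(neighbor_sequence(f)) & set(neighbor_sequence(g)))


def reduced_forms(D):
    s = check_disc(D)
    forms = []
    for b in range(1, s + 1):
        if (D - b * b) % 4:
            continue
        ac = (b * b - D) // 4              # a*c, negative because b < sqrt(D)
        # |2a| must lie in the integer window [s - b + 1, s + b].
        for abs_a in range((s - b + 2) // 2, (s + b) // 2 + 1):
            if ac % abs_a == 0:
                forms += [(abs_a, b, ac // abs_a), (-abs_a, b, ac // -abs_a)]
    return forms


def periods(D):
    """Cycles of R on the reduced forms: one cycle per proper class."""
    left, cycles = set(reduced_forms(D)), []
    while left:
        cycle = neighbor_sequence(min(left))[:-1]   # drop the repeated form
        cycles.append(cycle)
        left -= set(cycle)
    return cycles


if __name__ == "__main__":
    print(neighbor_sequence((2, 8, 3)))
    print(neighbor_sequence((1, 0, -10)))
    print(properly_equivalent((2, 8, 3), (1, 0, -10)))
    print([len(c) for c in periods(40)])
```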

The partition by proper equivalence of the set of reduced forms of discriminant $\Delta$ is clarified by the following supplement to Theorem 6.3.

Theorem 6.5. Let $\Delta$ be a positive nonsquare discriminant.

i. $R$ induces a permutation of the finite set of reduced integral forms of discriminant $\Delta$.

ii. An integral form $f$ of discriminant $\Delta$ is reduced if and only if there exists an integer $N > 0$ such that $f_N = f$.

iii. Two reduced integral forms $f$ and $g$ of discriminant $\Delta$ are properly equivalent if and only if there is an integer $M > 0$ such that $f_M = g$.


From Theorem 6.5ii we learn that the reduced forms are precisely those $f$ for which the sequence $(f_n)$ is periodic, i.e., for which there is an integer $N > 0$ such that $f_{n+N} = f_n$ for all $n \ge 0$. Let $f$ be a reduced form, and let $N$ be minimal with the preceding property. By Theorem 6.5iii the finite sequence $f_0, f_1, \ldots, f_{N-1}$, classically called the period of $f$, contains all the reduced forms that are properly equivalent to $f$. Thus two reduced forms of discriminant $\Delta$ are properly equivalent if and only if their periods are the same, up to a cyclic permutation.

The permutation induced by $R$ on the finite set of reduced forms of discriminant $\Delta$ can be expressed canonically as a product of disjoint cycles. It is easy to do this explicitly for any given $\Delta$. The disjoint cycles, which are nothing but the periods of the reduced forms, are in one-to-one correspondence with the proper equivalence classes of forms of discriminant $\Delta$.

The result is really quite pretty. We begin with an action of the unwieldy infinite group $SL_2(\mathbf{Z})$ on the infinite set of integral forms of discriminant $\Delta$. We introduce the action of a finite cyclic group (generated by $R$) on a finite set (the subset of reduced forms). Then Theorems 6.3 and 6.5 tell us that the orbits for the two group actions are the same.

We turn to the proofs of Theorems 6.3 and 6.5. The proof of Theorem 6.5iii, which is based on continued fraction considerations, will be deferred to Section 8. The proof of Theorem 6.3iii given in this section depends upon Theorem 6.5iii.

We first note a symmetry in the definition of a reduced form. 


Lemma 6.6. For an integral form $[a, b, c]$ of positive nonsquare discriminant $\Delta$ the following three assertions are equivalent.

1. $[a, b, c]$ is reduced.
2. $0 < b < \sqrt{\Delta}$ and $\sqrt{\Delta} - b < |2c| < \sqrt{\Delta} + b$.
3. $[c, b, a]$ is reduced.

Proof. The lemma follows easily from the calculation $|2a| \cdot |2c| = (\sqrt{\Delta} - b)(\sqrt{\Delta} + b)$, which holds for $[a, b, c]$ if $0 < b < \sqrt{\Delta}$. ∎


Proof of Theorem 6.3i. Let $f$ be an integral form of discriminant $\Delta$ and let $f_n = [a_n, b_n, c_n]$ for $n \ge 0$. There must exist an integer $m \ge 1$ such that $|a_m| \le |a_{m+1}|$, because an infinite descending sequence of positive integers $|a_1| > |a_2| > |a_3| > \cdots$ is impossible. We claim that for such $m$, $f_m = [a_m, b_m, a_{m+1}]$ is reduced and that $|a_m| < \frac{1}{2}\sqrt{\Delta}$.

Indeed, let $f = [a, b, c]$ be an integral form of discriminant $\Delta$ such that $\sqrt{\Delta} - |2a| < b < \sqrt{\Delta}$ and $|a| \le |c|$. Then $0 < \sqrt{\Delta} - b < |2a| \le |2c| = |(\Delta - b^2)/2a| < |\sqrt{\Delta} + b|$, from which it follows that $b > 0$. Thus $b^2 < \Delta$ and so $|2a|^2 \le |4ac| = \Delta - b^2 < \Delta$. Hence $|2a| < \sqrt{\Delta} < \sqrt{\Delta} + b$. Therefore the form $[a, b, c]$ is reduced and $|a| < \frac{1}{2}\sqrt{\Delta}$. ∎


Proof of Theorem 6.5i. We first show that the right neighbor of a reduced form is reduced.

Let $f = [a, b, c]$ be a reduced form of discriminant $\Delta$ and let $Rf = [a', b', c']$. To prove that $Rf$ is reduced we must show that $b' > 0$ and $|2a'| < \sqrt{\Delta} + b'$.

Let $k \in \mathbf{Z}$ be defined by the equation $b + b' = k|2a'|$. We can write $b + b' = ((\sqrt{\Delta} + b) - |2c|) + (b' - (\sqrt{\Delta} - |2a'|))$, where the two terms on the right are positive by Lemma 6.6 and Definition 6.1ii. This shows that $k \ge 1$. It follows as desired that $2b' = (\sqrt{\Delta} - b) + (b' - (\sqrt{\Delta} - |2a'|)) + (k - 1)|2a'| > 0$ and that $\sqrt{\Delta} + b' - |2a'| = (\sqrt{\Delta} - b) + (k - 1)|2a'| > 0$. Thus $Rf$ is reduced.

Now let $X$ be the set of reduced integral forms of discriminant $\Delta$. We will prove that $R: X \to X$ is a bijection by finding an inverse for $R$.

Define the left neighbor $Lf$ of an integral form $f$ of discriminant $\Delta$ to be the form $Lf = \begin{pmatrix} 0 & 1 \\ 1 & 0 \end{pmatrix} R\left(\begin{pmatrix} 0 & 1 \\ 1 & 0 \end{pmatrix} f\right)$. By Lemma 6.6 and the fact that $R$ maps reduced forms to reduced forms, we see that $Lf$ is reduced if $f$ is reduced.

Now compute the composition $RL$. First compute

$$L[a, b, c] = \begin{pmatrix} 0 & 1 \\ 1 & 0 \end{pmatrix} R[c, b, a] = \begin{pmatrix} 0 & 1 \\ 1 & 0 \end{pmatrix} [a, \beta, *] = [*, \beta, a],$$

where $\beta \equiv -b \pmod{2a}$, $\sqrt{\Delta} - |2a| < \beta < \sqrt{\Delta}$, and $*$ is determined by $\beta$, $a$, and $\Delta$. Thus $RL[a, b, c] = [a, B, *]$, where $B \equiv -\beta \equiv b \pmod{2a}$ and $\sqrt{\Delta} - |2a| < B < \sqrt{\Delta}$. If $f = [a, b, c]$ is reduced, then also $\sqrt{\Delta} - |2a| < b < \sqrt{\Delta}$, from which it follows that $B = b$ and hence that $R(Lf) = f$. We have proved that the map $R: X \to X$ is surjective. Since $X$ is finite, $R$ is bijective and $L$ is its inverse. ∎


Proof of Theorem 6.3ii. Let $f$ be an integral form of discriminant $\Delta$. By Theorem 6.3i there is an $m$ such that $f_m$ is reduced. By Theorem 6.5i we conclude that $f_n$ is reduced for every $n \ge m$. Since there is only a finite number of reduced forms of discriminant $\Delta$, there can be only a finite number of distinct $f_n$. ∎


Proof of Theorem 6.5ii. The group of permutations of the finite set $X$ of reduced integral forms of discriminant $\Delta$ is a finite group. Hence all its elements have finite order. Let $N$ be the order of the permutation of $X$ induced by $R$. Then $R^N f = f$ for all reduced forms $f$. In other notation, $f_N = f$.

Conversely, suppose that $f_N = f$ for an integral form $f$ and positive integer $N$. Then $f_{kN} = f$ for all integers $k > 0$. By Theorems 6.3i and 6.5i, the form $f_{kN}$ is reduced for all sufficiently large $k$. Hence $f$ is reduced. ∎


Proof of Theorem 6.3iii. Since $f$ is properly equivalent to $f_M$ and $g$ is properly equivalent to $g_N$, the equality $f_M = g_N$ implies that $f$ and $g$ are properly equivalent.

Conversely, suppose that $f$ and $g$ are two integral forms of discriminant $\Delta$ that are properly equivalent. By Theorem 6.3i there exist nonnegative integers $m$ and $n$ such that $R^m f$ and $R^n g$ are reduced. Since $R^m f$ and $R^n g$ are properly equivalent, Theorem 6.5iii (which will be proved in Section 8) implies that there exists $k > 0$ such that $R^k R^m f = R^n g$. Thus $f_{k+m} = g_n$. The proof is complete. ∎


Exercises

1. Let $f = X^2 - 10Y^2$ and let $g = -201X^2 + 244XY - 74Y^2$. Show that $f$ and $g$ are properly equivalent and find $\gamma \in SL_2(\mathbf{Z})$ such that $\gamma g = f$.

2. List all reduced forms of discriminant 65. Divide them into proper equivalence classes.

3. List all reduced forms of discriminant 85. Divide them into proper equivalence classes.

4. i. Show that all integral forms of discriminant 13 are properly equivalent.

ii. Prove that the form $X^2 + XY - 3Y^2$ represents a prime number $p$ if and only if $p = 13$ or $p \equiv \pm 1, \pm 3,$ or $\pm 4 \pmod{13}$.

5. Write two computer programs to perform as follows.

i. Input: Two integral forms $f$ and $f'$ of positive nonsquare discriminants.
Task: To determine whether $f$ and $f'$ are properly equivalent and if so to produce $\gamma \in SL_2(\mathbf{Z})$ such that $\gamma f = f'$.

ii. Input: A positive nonsquare discriminant $\Delta$.
Task: To produce a list containing exactly one reduced form in each proper equivalence class of integral forms of discriminant $\Delta$.

6. Find an upper bound (depending on $\Delta$) for the number of proper equivalence classes of integral forms of positive nonsquare discriminant $\Delta$.

7. Prove directly that $L(Rf) = f$ for every reduced integral form $f$ of positive nonsquare discriminant.


8. i. Given an integral form $f = [a, b, c]$ of positive nonsquare discriminant, let $f^* = [-c, b, -a]$ and let $f' = [-a, b, -c]$. Let $R^n f = [a_n, b_n, c_n]$ for all $n \ge 0$. Show that $L^n(f^*) = [-c_n, b_n, -a_n]$ for all $n \ge 0$. Prove that if $f$ is reduced and $R^{2n} f = f^*$, then $R^n f = [A, B, -A]$ for some $A, B \in \mathbf{Z}$.

ii. Let $p$ be a prime, $p \equiv 1 \pmod 4$. Let $t = \lfloor\sqrt{p}\rfloor$ and let $f = [1, 2t, t^2 - p]$. Show that $f$ is a reduced form of discriminant $4p$ and that $f$ is properly equivalent to $f'$ (Exercises 3.8ii and 5.4ii). Show that $Lf' = f^*$. Conclude that there exists an integer $m \ge 0$ such that $R^m f = [a, b, -a]$ for some $a, b \in \mathbf{Z}$. Since $p = a^2 + (b/2)^2$, we have a new proof of Fermat's theorem that every prime congruent to 1 mod 4 is a sum of two squares.

Express $p = 233$ as a sum of two squares by computing the sequence $f_0, f_1, f_2, \ldots$.

iii. Let $p$ be a prime, $p \equiv 1 \pmod 4$. Let $s = \lfloor(\sqrt{p} - 1)/2\rfloor$ and let $f = [1, 2s + 1, s^2 + s + (1 - p)/4]$. Show that $f$ is a reduced form of discriminant $p$, that $f$ is properly equivalent to $f'$, and that $Lf' = f^*$. Prove that there exists an integer $m \ge 0$ such that $R^m f = [a, b, -a]$ for some $a, b \in \mathbf{Z}$ and that $p = (2a)^2 + b^2$.

Express $p = 233$ as a sum of two squares by computing the sequence $f_0, f_1, f_2, \ldots$. Do the same for $p = 2837$.


9. Let $f$ be an integral form of positive nonsquare discriminant $\Delta$ and let $m \ne 0 \in \mathbf{Z}$ be such that $|m| < \frac{1}{2}\sqrt{\Delta}$. Let $\mathcal{P}_{f,m}$ be the set of proper integral solutions of the equation $f(X, Y) = m$ (as in Exercise 5.7, which the present exercise continues).

i. Prove that $\mathcal{P}_{f,m} \ne \emptyset$ if and only if there exists $n \ge 0$ such that $R^n f = [m, b, c]$ for some $b, c \in \mathbf{Z}$.

ii. Let $\ell \in \mathbf{Z}$. Prove that there exists $(x, y) \in \mathcal{P}_{f,m}$ such that $\lambda(x, y) = \ell$ if and only if there exists $n \ge 0$ such that $R^n f = [m, b, c]$ for some $b, c \in \mathbf{Z}$ with $b \equiv \ell \pmod{2m}$.

iii. Produce a fast algorithm based on i and ii to find a set of representatives of the $\mathrm{Aut}^{+}(f)$ orbits in $\mathcal{P}_{f,m}$ (for the case $|m| < \frac{1}{2}\sqrt{\Delta}$).

iv. Find in two ways all integral solutions of the equation $3X^2 + 2XY - 4Y^2 = 3$, first by the method of iii, and second by the method of Theorem 4.5.

10. i. Give an algorithm based on Exercise 5.7v and Theorem 6.3 to perform as follows.
Input: An integral form $f$ of positive nonsquare discriminant and an integer $m$.
Output: A set of representatives of the $\mathrm{Aut}^{+}(f)$ orbits of proper integral solutions of the equation $f(X, Y) = m$.
(The first step of the algorithm will be to find all solutions of the congruence $\lambda^2 \equiv \Delta \pmod{4m}$.)

ii. Use the preceding algorithm to find all integral solutions (proper or not) of the equation $17X^2 + 32XY + 14Y^2 = 9$.


11. Let $f = [a, b, c]$ be an integral form of positive nonsquare discriminant and let $\bar{f} = [c, b, a]$. Prove that the following three assertions are equivalent. (a) $f$ has an improper automorphism. (b) $f$ and $\bar{f}$ are properly equivalent. (c) $f$ is properly equivalent to a form $[A, B, C]$ such that $A \mid B$. (Suggestion: Show that if $f = [a, b, c]$ is reduced and $R^{2i+1}[a, b, c] = [c, b, a]$, then $[A, B, C] = R^{i+1}[a, b, c]$ has property (c).)

12. Let $f = [a, b, c]$ be an integral form of positive nonsquare discriminant $\Delta$ and let $Rf = [a', b', c']$. Show that $b' = 2c\delta - b$ and $c' = \delta(b' - b)/2 + a$, where $\delta = \mathrm{sign}(c)\lfloor (b + \sqrt{\Delta})/2|c| \rfloor = \mathrm{sign}(c)\lfloor (b + \lfloor\sqrt{\Delta}\rfloor)/2|c| \rfloor$.

7. Continued Fractions

We present the elementary facts of continued fractions that we will need in Section 8 for the proof of Theorem 6.5iii.


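Definition 7.1. Given real numbers $a_0, a_1, \ldots, a_n$ such that $a_i > 0$ for all $i > 0$, we define the continued fraction $(a_0, a_1, \ldots, a_n) \in \mathbf{R}$ recursively:

$$(a_0) = a_0 \quad\text{and}\quad (a_0, a_1, \ldots, a_n) = a_0 + \frac{1}{(a_1, \ldots, a_n)}.$$

The terminology comes from the expression

$$(a_0, a_1, \ldots, a_n) = a_0 + \cfrac{1}{a_1 + \cfrac{1}{\ddots + \cfrac{1}{a_n}}}.$$

We will say that a continued fraction $(a_0, a_1, \ldots, a_{n-1}, y)$ is nearly simple iff $a_i$ is a positive integer for $0 \le i \le n - 1$ and $y > 1$.

Lemma 7.2. Let $x = (a_0, a_1, \ldots, a_{n-1}, y)$ be a continued fraction. Let

$$\begin{pmatrix} r & s \\ t & u \end{pmatrix} = \begin{pmatrix} a_0 & 1 \\ 1 & 0 \end{pmatrix}\begin{pmatrix} a_1 & 1 \\ 1 & 0 \end{pmatrix} \cdots \begin{pmatrix} a_{n-1} & 1 \\ 1 & 0 \end{pmatrix}.$$

Then $x = (ry + s)/(ty + u)$.
Proof. By induction on $n \ge 1$. Details left as an exercise. ∎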


We will occasionally write $\gamma y = (ry + s)/(ty + u)$, where $\gamma = \begin{pmatrix} r & s \\ t & u \end{pmatrix} \in GL_2(\mathbf{R})$ and $y \in \mathbf{R}$ are such that $ty + u \ne 0$. The inductive step in the proof of Lemma 7.2 can be seen to follow from the calculation $\gamma_1(\gamma_2 y) = (\gamma_1\gamma_2)y$ for $\gamma_1, \gamma_2 \in GL_2(\mathbf{R})$ and $y \in \mathbf{R}$. It follows that $x = \gamma y$ implies $y = \gamma^{-1}x$, another formula we will have occasion to use.

For a nearly simple continued fraction, the matrix $\begin{pmatrix} r & s \\ t & u \end{pmatrix}$ of Lemma 7.2 belongs to $GL_2(\mathbf{Z})$. It is through the group $GL_2(\mathbf{Z})$ that nearly simple continued fractions will be linked to equivalence of binary quadratic forms.

We will need two facts from the general theory of continued fractions, an existence theorem and a uniqueness theorem. We begin with uniqueness.

Proposition 7.3. Let $x = (a_0, a_1, \ldots, a_n)$ and $y = (b_0, b_1, \ldots, b_n)$ be two nearly simple continued fractions. If $x = y$, then $a_i = b_i$ for all $i$.

Proof. By induction on $n$, beginning with the trivial case $n = 0$. Let $n$ be a positive integer and let $x$ and $y$ be as in the statement of the lemma. The equation $x = a_0 + 1/(a_1, \ldots, a_n)$ shows that $a_0 = \lfloor x \rfloor$, for $(a_1, \ldots, a_n) > 1$ because $x$ is nearly simple. Similarly, $b_0 = \lfloor y \rfloor$. If $x = y$, then $a_0 = b_0$. It follows that $(a_1, \ldots, a_n) = (b_1, \ldots, b_n)$ and therefore, by the inductive hypothesis, that $a_i = b_i$ for all $i > 0$. ∎

Our next result is the key existence theorem. 


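Proposition 7.4. Let $\Gamma = \begin{pmatrix} R & S \\ T & U \end{pmatrix} \in GL_2(\mathbf{Z})$ be such that $R \ge S \ge U \ge 0$ and $R \ge T \ge U$. Then there exist positive integers $n, a_0, a_1, \ldots, a_{n-1}$ such that

$$\Gamma = \begin{pmatrix} a_0 & 1 \\ 1 & 0 \end{pmatrix}\begin{pmatrix} a_1 & 1 \\ 1 & 0 \end{pmatrix} \cdots \begin{pmatrix} a_{n-1} & 1 \\ 1 & 0 \end{pmatrix}.$$

Proof. The proof is by induction on $T$. If $T = 1$, there are two cases depending on the value of $U$. Either

$$\Gamma = \begin{pmatrix} R & 1 \\ 1 & 0 \end{pmatrix} \quad\text{or}\quad \Gamma = \begin{pmatrix} R & R - 1 \\ 1 & 1 \end{pmatrix} = \begin{pmatrix} R - 1 & 1 \\ 1 & 0 \end{pmatrix}\begin{pmatrix} 1 & 1 \\ 1 & 0 \end{pmatrix}.$$

Now suppose that $T > 1$. Since $\det(\Gamma) = \pm 1$, we must have in this case that $R > T > U > 0$ and $R/T \notin \mathbf{Z}$. Let $m$ be the (positive) integer such that $R/T - 1 < m < R/T$ and let

$$\gamma = \begin{pmatrix} m & 1 \\ 1 & 0 \end{pmatrix}^{-1}\Gamma = \begin{pmatrix} T & U \\ R - mT & S - mU \end{pmatrix} = \begin{pmatrix} r & s \\ t & u \end{pmatrix}.$$

To complete the proof of the lemma we show that $\gamma \in GL_2(\mathbf{Z})$ is a matrix to which the induction hypothesis may be applied.

It is automatic that $r > s > 0$, and the choice of $m$ insures that $r = T > t > 0$. That $u \ge 0$ can be seen from the calculation $u = (st + \det(\gamma))/r$. It remains only to show that $s \ge u$ and that $t \ge u$. But $u > s$ would imply that $ru \ge (t + 1)(s + 1) = st + s + t + 1$, which would contradict the fact that $ru - st = \pm 1$. A symmetric argument rules out the possibility that $u > t$.

Hence $\gamma$ can be expressed as a product of matrices of the required form. It follows that $\Gamma = \begin{pmatrix} m & 1 \\ 1 & 0 \end{pmatrix}\gamma$ can be so expressed as well. ∎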
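The induction in the proof of Proposition 7.4 is an algorithm: peel off $m = \lfloor R/T \rfloor$, pass to $\gamma$, and stop at $T = 1$. The following Python version is an added example, not code from the book (the function names are chosen here); it also builds the matrix product of Lemma 7.2 so that the two directions can be checked against each other.

```python
from fractions import Fraction


def cf_matrix(terms):
    """Product (a_0 1; 1 0)(a_1 1; 1 0)...(a_{n-1} 1; 1 0) as (R, S, T, U)."""
    R, S, T, U = 1, 0, 0, 1
    for a in terms:
        # Right-multiply (R S; T U) by (a 1; 1 0).
        R, S, T, U = R * a + S, R, T * a + U, T
    return (R, S, T, U)


def cf_value(terms):
    """The continued fraction (a_0, ..., a_n) of Definition 7.1."""
    value = Fraction(terms[-1])
    for a in reversed(terms[:-1]):
        value = a + 1 / value
    return value


def moebius(gamma, y):
    """gamma y = (ry + s)/(ty + u), the action used in Lemma 7.2."""
    r, s, t, u = gamma
    return Fraction(r * y + s) / Fraction(t * y + u)


def decompose(gamma):
    """Positive integers a_0, ..., a_{n-1} with gamma = cf_matrix([a_0, ...]),
    found by the induction on T in the proof of Proposition 7.4."""
    R, S, T, U = gamma
    if abs(R * U - S * T) != 1:
        raise ValueError("matrix is not in GL_2(Z)")
    if not (R >= S >= U >= 0 and R >= T >= U):
        raise ValueError("hypothesis of Proposition 7.4 fails")
    terms = []
    while T > 1:
        m = R // T                  # R/T is not an integer: R/T - 1 < m < R/T
        terms.append(m)
        # (m 1; 1 0)^(-1) (R S; T U) = (T U; R - mT  S - mU)
        R, S, T, U = T, U, R - m * T, S - m * U
    # Base case T = 1: U is 0 or 1.
    if U == 0:
        terms.append(R)             # gamma = (R 1; 1 0)
    else:
        terms += [R - 1, 1]         # gamma = (R R-1; 1 1)
    return terms


if __name__ == "__main__":
    G = cf_matrix([1, 2, 3, 4])     # constructed sample input
    print(G, decompose(G))
    # Lemma 7.2 with y = 5/2: both sides agree.
    y = Fraction(5, 2)
    print(cf_value([3, 2, y]), moebius(cf_matrix([3, 2]), y))
```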
We conclude Section 7 with a more specialized lemma that is designed specifically for the proof of Theorem 6.5iii. The conclusion of Lemma 7.5 should be compared with the hypothesis of Proposition 7.4.


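Lemma 7.5. Let $\gamma = \begin{pmatrix} a & b \\ c & d \end{pmatrix} \in GL_2(\mathbf{Z})$. Let $x, y \in \mathbf{R}$. Suppose that $cx + d \ne 0$ and $cy + d \ne 0$ and that the following two systems of inequalities hold:

$$x > 1 \quad\text{and}\quad \frac{ax + b}{cx + d} > 1, \tag{$*$}$$

$$-1 < y < 0 \quad\text{and}\quad -1 < \frac{ay + b}{cy + d} < 0. \tag{$**$}$$

Then exactly one of the following three statements is true:

A. $\gamma = \pm\begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}$.

B. $\gamma = \pm\begin{pmatrix} r & s \\ t & u \end{pmatrix}$, where $r \ge s \ge u \ge 0$ and $r \ge t \ge u$.

C. $\gamma^{-1} = \pm\begin{pmatrix} r & s \\ t & u \end{pmatrix}$, where $r \ge s \ge u \ge 0$ and $r \ge t \ge u$.

Proof. The lemma is proved by analysis of five cases.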


Case 1. Suppose that abcd ≠ 0, c > 0 and d > 0.

The nonzero integers ad and bc are consecutive, since det γ = ±1, and
therefore they have the same sign. Hence a and b have the same sign. Since by
(*) we have ax + b > 0, we can conclude that a > 0 and b > 0.

By (*) we have ax + b > cx + d. Hence (a − c)x > (d − b). This last
inequality is incompatible with the supposition that both a < c and b < d.
Thus either a > c or b > d. If a > c, we can prove that b > d by contradiction
as follows: d > b implies that ad ≥ (c + 1)(b + 1) = bc + b + c + 1,
whence det γ = ad − bc > 1, which is false. Similarly, if b > d, then a > c.
Therefore, a > c and b > d.

If ay + b < 0, then b/a < |y| < 1, and thus a > b. It follows by an
argument similar to one in the previous paragraph that c > d. If ay + b > 0,
then by (**) we have cy + d < 0, whence d/c < |y| < 1, and thus c > d. It
follows that a > b. Therefore, a > b and c > d.

We have verified that statement B holds. 


Case 2. Suppose that abcd ≠ 0, c < 0 and d < 0. Statement B holds because
−γ belongs to Case 1.


Case 3. Suppose that abcd ≠ 0, c < 0 and d > 0. It follows from the equation
ad − bc = ±1 that a and b have opposite signs. Since cy + d > 0, (**)
implies that ay + b < 0. Therefore, a > 0.

Now consider $\gamma^{-1} = \pm\begin{pmatrix} d & -b \\ -c & a \end{pmatrix} \in GL_2(\mathbb{Z})$. Let x' = γx and y' = γy. We
get two systems of inequalities like (*) and (**):

x' > 1 and γ^{-1}x' > 1, (*')

−1 < y' < 0 and −1 < γ^{-1}y' < 0. (**')


The reasoning of Case 1 or 2 is seen to apply to the matrix γ^{-1}. We conclude
that statement C of the lemma holds.


Case 4. Suppose that abcd ≠ 0, c > 0 and d < 0. Statement C holds because
−γ belongs to Case 3.


Case 5. Suppose that abcd = 0. A simple analysis, which is left as an exercise, 


shows that 
= 1 O as m 1 
0 1 m 1\ 
oT aacit Bo Toe. 0) 


for some positive integer m. The three possibilities correspond to the three 
Statements A, B, and C. 


It remains only to prove that the three properties A, B, and C are mutually
exclusive. But that is easy and may be left to the reader. ∎


Exercises 


1. Prove Lemma 7.2. 


2. Prove that γ_1(γ_2 y) = (γ_1γ_2)y for all γ_1, γ_2 ∈ GL_2(R) and y ∈ R for which
the expressions are defined.


3. Let n, d_0, d_1, …, d_{n−1} be positive integers and let

$$\Gamma = \begin{pmatrix} R & S \\ T & U \end{pmatrix} = \begin{pmatrix} d_0 & 1 \\ 1 & 0 \end{pmatrix}\begin{pmatrix} d_1 & 1 \\ 1 & 0 \end{pmatrix}\cdots\begin{pmatrix} d_{n-1} & 1 \\ 1 & 0 \end{pmatrix}.$$

i. Prove that R/T = (d_0, d_1, …, d_{n−1}) and that if n ≥ 2, then S/U =
(d_0, d_1, …, d_{n−2}). By considering the transpose of Γ, find continued
fraction expressions for R/S and T/U.

ii. (Converse to Proposition 7.4.) Prove that R > S ≥ U ≥ 0 and
R > T ≥ U.


iii. Let m, b_0, b_1, …, b_{m−1} be positive integers such that


ne eee 


Prove that n = m and that d_i = b_i for all i.


4. Complete the proof of Lemma 7.5 by carrying out the analysis of Case 5, 
the case abcd = 0. 


5. Read the sections on continued fractions in any text that discusses the 
subject for its own sake. 


8. Reduction (II)


Fix for this section a positive nonsquare discriminant Δ.
We are going to prove Theorem 6.5iii. We begin with a key definition.


Definition 8.1. Let f = [a, b, c] be an integral form of positive nonsquare
discriminant Δ. We define the roots Ω(f) and ω(f) of f by the formulas

$$\Omega = \Omega(f) = \frac{b + \sqrt{\Delta}}{2c} \quad\text{and}\quad \omega = \omega(f) = \frac{b - \sqrt{\Delta}}{2c}.$$

Observe that since √Δ is irrational, f can be recovered from knowledge of
Ω(f) and Δ. In other words, if f and g are integral forms of discriminant Δ
such that Ω(f) = Ω(g), then f = g. In some situations we will find it more
convenient to work with the single real number Ω(f) than to work directly with
the form f.

Properties of f can often be simply expressed in terms of the roots of f. We 
have for instance: 


Lemma 8.2. f is reduced if and only if ω(f)Ω(f) < 0 and |ω(f)| < 1 <
|Ω(f)|.


Proof. Let f = [a, b, c]. The stated inequalities on ω(f) and Ω(f) when
expressed in terms of a, b, and c are |b| < √Δ and |√Δ − b| < |2c| < |√Δ + b|.
Lemma 8.2 is thus a consequence of Lemma 6.6. ∎


The next lemma shows the way in which Ω and ω change under proper
equivalence of forms.

Lemma 8.3. Let f be an integral form of positive nonsquare discriminant Δ
and let $\gamma = \begin{pmatrix} r & s \\ t & u \end{pmatrix} \in SL_2(\mathbb{Z})$. Then

$$\Omega(\gamma f) = \frac{r\,\Omega(f) + s}{t\,\Omega(f) + u} \quad\text{and}\quad \omega(\gamma f) = \frac{r\,\omega(f) + s}{t\,\omega(f) + u}.$$


Proof. Exercise. ∎


The roots of the forms in the sequence R^n f are related by continued
fractions.


Lemma 8.4. Let f and g be reduced integral forms of positive nonsquare
discriminant Δ and let n be a positive integer.
The following two assertions are equivalent.


1. R^n f = g.


2. sign(Ω(g)) = (−1)^n sign(Ω(f)) and there is a nearly simple continued
fraction |Ω(f)| = (d_0, d_1, …, d_{n−1}, |Ω(g)|).


Proof. 1 ⇒ 2. The proof will be by induction on n. Let f = [a, b, c] be a
reduced integral form of discriminant Δ and let Ω = Ω(f). Let Rf = [a', b', c']
and let Ω' = Ω(Rf). We know that cc' = a'c' is negative because Rf is
reduced (by Theorem 6.5i). Thus −1 = sign(cc') = sign(ΩΩ').

Let k ∈ Z be such that b + b' = k|2c|. We have the equation

$$\Omega = \frac{b + \sqrt{\Delta}}{2c} = \frac{k|2c| - b' + \sqrt{\Delta}}{2c} = k\,\operatorname{sign}(c) - \frac{1}{\Omega'}.$$

There are two cases. If c > 0, then Ω = |Ω| and Ω' = −|Ω'|. If c < 0, then
Ω = −|Ω| and Ω' = |Ω'|. In both cases, we find that |Ω| = k + 1/|Ω'| =
(k, |Ω'|). Note finally that k ≥ 1, since b and b' are positive, and that |Ω'| > 1
by Lemma 8.2. The case n = 1 of the implication 1 ⇒ 2 is proved.

Now suppose that n > 1. Application of an induction hypothesis yields

|Ω| = (k, |Ω(Rf)|) = (k, (k_1, k_2, …, k_{n−1}, |Ω(R^n f)|))
= (k, k_1, …, k_{n−1}, |Ω(R^n f)|),

where k and all k_i are positive integers and
sign(Ω(R^n f)) = −sign(Ω(R^{n−1} f)) = (−1)^n sign(Ω(f)).


2 ⇒ 1. Let f and g be as in the statement of the theorem and suppose that
2 holds. The implication 1 ⇒ 2 just proved asserts the existence of a nearly
simple continued fraction |Ω(f)| = (k_0, k_1, …, k_{n−1}, |Ω_n|), where Ω_n =
Ω(R^n f). By the uniqueness assertion Proposition 7.3 we can conclude that
|Ω(g)| = |Ω_n|. But Ω_n and Ω(g) have the same sign, because sign(Ω_0Ω_n) =
(−1)^n by the implication 1 ⇒ 2, and we have hypothesised that sign(Ω_0Ω(g))
= (−1)^n. Hence Ω_n = Ω(g). Therefore, R^n f = g, which is what we wanted to
prove. ∎


At last we are ready. 


Proof of Theorem 6.5iii. Let f and g be properly equivalent reduced forms of
discriminant Δ and let $\tau = \begin{pmatrix} r & s \\ t & u \end{pmatrix} \in SL_2(\mathbb{Z})$ be such that f = τg.

Let Ω and ω denote the roots of f and let Ω' and ω' denote the roots of g.
Define γ ∈ GL_2(Z) such that det(γ) = sign(ΩΩ'):


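$$\gamma = \begin{cases}
\begin{pmatrix} r & s \\ t & u \end{pmatrix} = \tau & \text{if } \Omega > 0,\ \Omega' > 0 \\[4pt]
\begin{pmatrix} r & -s \\ -t & u \end{pmatrix} = \begin{pmatrix} -1 & 0 \\ 0 & 1 \end{pmatrix}\tau\begin{pmatrix} -1 & 0 \\ 0 & 1 \end{pmatrix} & \text{if } \Omega < 0,\ \Omega' < 0 \\[4pt]
\begin{pmatrix} -r & s \\ -t & u \end{pmatrix} = \tau\begin{pmatrix} -1 & 0 \\ 0 & 1 \end{pmatrix} & \text{if } \Omega > 0,\ \Omega' < 0 \\[4pt]
\begin{pmatrix} -r & -s \\ t & u \end{pmatrix} = \begin{pmatrix} -1 & 0 \\ 0 & 1 \end{pmatrix}\tau & \text{if } \Omega < 0,\ \Omega' > 0
\end{cases} \tag{8.5}$$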


Define a, b, c, d by the equation $\gamma = \begin{pmatrix} a & b \\ c & d \end{pmatrix}$. Starting with Lemma 8.3, it is
easy to check that

$$|\Omega| = \frac{a|\Omega'| + b}{c|\Omega'| + d} \quad\text{and}\quad -|\omega| = \frac{a(-|\omega'|) + b}{c(-|\omega'|) + d}. \tag{8.6}$$

Lemma 8.2 now shows that γ satisfies the hypotheses of Lemma 7.5 with
x = |Ω'| and y = −|ω'|. Hence γ satisfies Lemma 7.5A, B, or C.

If γ satisfies Lemma 7.5A, then Ω = Ω'. Thus f = g and the assertion of
Theorem 6.5iii is trivially true.

If γ satisfies Lemma 7.5B, then by Proposition 7.4 there exist positive
integers n, d_0, d_1, …, d_{n−1} such that


By Lemma 7.2 and (8.6) we calculate that |Ω| = γ|Ω'| = (d_0, …, d_{n−1}, |Ω'|).
Noting that (−1)^n = det(γ) = sign(Ω · Ω'), we can apply Lemma 8.4 to
conclude that g = R^n f. Thus the assertion of Theorem 6.5iii is true.

If γ satisfies Lemma 7.5C, then the argument of the previous paragraph
applied to γ^{-1} proves that there is a positive integer n such that f = R^n g. Let
N > 0 be such that R^N g = g and let k ∈ Z be such that kN > n. Then
g = R^{kN} g = R^{kN−n}(R^n g) = R^{kN−n} f, and so in this case, too, the assertion of
Theorem 6.5iii is verified.


The proof of Theorem 6.5iii is now complete. ∎


Exercises 


1. Prove Lemma 8.3. 


2. Let Δ be a nonsquare positive discriminant.


i. Let f be a reduced integral form of discriminant Δ. Let Ω_n = Ω(f_n)
and ω_n = ω(f_n) for all n ≥ 0. Let k_n = [|Ω_n|], so that |Ω_0| =
(k_0, k_1, …, k_{n−1}, |Ω_n|) for all n ≥ 1. Prove that 1/|ω_n| = (k_{n−1},
k_{n−2}, …, k_0, 1/|ω_0|) for all n ≥ 1.

ii. Keep the notation of part i. Prove that if k_0 ≥ 3, then |Ω_0| + |ω_0| > 3.
Prove that if k_0 = 2 and k_n ≤ 2 for all n ≥ 0, then |Ω_0| + |ω_0| > 2 + 5.
Prove that if k_n = 1 for all n ≥ 0, then |Ω_0| + |ω_0| = (√5 + 1)/2 +
(√5 − 1)/2 = √5.

iii. Prove that every proper equivalence class of integral forms of discriminant
Δ contains a reduced form f such that |Ω(f)| + |ω(f)| ≥ √5.

iv. Prove that every integral form of discriminant Δ is properly equivalent
to a reduced form [a, b, c] such that |a| < √(Δ/5). (This result sharpens
Theorem 6.3i.)


3. i. Define a modified right neighbor ℛ[a, b, c] = [a', b', c'] for integral
forms of positive nonsquare discriminant Δ by replacing Definition 6.1iii
with the rule b + b' ≡ 0 (mod 2a'), √Δ − |2a'| < b' < √Δ + |2a'|, and
(b + √Δ)(b' − √Δ) < 0. Show that ℛf = Rf if f is reduced. Show that
for all f, reduced or not, Ω(f)Ω(ℛf) < 0, |Ω(ℛf)| > 1, and |Ω(f)| =
(k_0, k_1, …, k_{n−1}, |Ω(ℛ^n f)|), where k_i = [|Ω(ℛ^i f)|] for all i ≥ 0.

ii. Show that after replacing R by ℛ and permitting d_0 to be zero, Lemma
8.4 becomes true for all forms f and g, reduced or not.


9. Automorphisms (II) 


The reduction theory of Section 6 solves the problem of existence of proper 
equivalences between two forms f and g of the same positive nonsquare 
discriminant. In Section 9 we specialize to the case in which f = g, thereby 
deriving the theory of automorphisms of f by a method that is not dependent 
on a prior study of the Pell equation. 
It is convenient to name some 2 × 2 matrices. We will write
$T(\delta) = \begin{pmatrix} -\delta & 1 \\ -1 & 0 \end{pmatrix}$ and $S(k) = \begin{pmatrix} k & 1 \\ 1 & 0 \end{pmatrix}$ for all real numbers δ and k.


Definition 9.1. Let f be an integral form of positive nonsquare discriminant.
We define τ_{f,n} ∈ SL_2(Z) and σ_{f,n} ∈ GL_2(Z) for integers n ≥ 0 by the
following two formulas, where we have written R^i f = [a_i, b_i, c_i] for all integers
i ≥ 0:


i. τ_{f,n} = T(δ_0)T(δ_1) ⋯ T(δ_{n−1}), where b_i + b_{i+1} = 2c_iδ_i.
ii. σ_{f,n} = S(k_0)S(k_1) ⋯ S(k_{n−1}), where k_i = |δ_i|.


The matrices σ_{f,n} are really only of interest for reduced forms f.


Lemma 9.2. Let f be an integral form of positive nonsquare discriminant.
Then f = τ_{f,n} R^n f for every integer n ≥ 0.


Proof. The case n = 1 is the computation $Rf = \begin{pmatrix} 0 & -1 \\ 1 & -\delta_0 \end{pmatrix} f = T(\delta_0)^{-1} f$ that
was mentioned immediately following Definition 6.1 of R. The general case
follows by induction on n. ∎


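Lemma 9.3. Let f be a reduced integral form of positive nonsquare discriminant
and let Ω = Ω(f).


i. |Ω(f)| = (k_0, k_1, …, k_{n−1}, |Ω(R^n f)|), where the k_i are as in Definition
9.1ii, for all integers n ≥ 1.

ii.
$$\tau_{f,n} = \begin{cases}
(-1)^{n/2}\,\sigma_{f,n} & \text{if } \Omega > 0 \text{ and } n \text{ is even} \\[4pt]
(-1)^{n/2}\begin{pmatrix} -1 & 0 \\ 0 & 1 \end{pmatrix}\sigma_{f,n}\begin{pmatrix} -1 & 0 \\ 0 & 1 \end{pmatrix} & \text{if } \Omega < 0 \text{ and } n \text{ is even} \\[4pt]
(-1)^{(n-1)/2}\,\sigma_{f,n}\begin{pmatrix} -1 & 0 \\ 0 & 1 \end{pmatrix} & \text{if } \Omega > 0 \text{ and } n \text{ is odd} \\[4pt]
(-1)^{(n+1)/2}\begin{pmatrix} -1 & 0 \\ 0 & 1 \end{pmatrix}\sigma_{f,n} & \text{if } \Omega < 0 \text{ and } n \text{ is odd.}
\end{cases}$$


Proof. i. The proof of the implication 1 ⇒ 2 of Lemma 8.4 actually proves this
more precise statement.

ii. Since f is reduced, sign(Ω) = sign(δ_0), and δ_i and δ_{i+1} have opposite
signs for every i. Thus the result follows by induction from the calculation

$$T(\delta) = \begin{cases}
S(|\delta|)\begin{pmatrix} -1 & 0 \\ 0 & 1 \end{pmatrix} & \text{if } \delta > 0 \\[4pt]
\begin{pmatrix} 1 & 0 \\ 0 & -1 \end{pmatrix} S(|\delta|) & \text{if } \delta < 0
\end{cases}$$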
We proceed to the main theorem of Section 9.


Theorem 9.4. Let f be a reduced integral form of positive nonsquare discriminant.
Let N > 0 be the smallest positive integer such that R^N f = f.

i. τ_{f,N} is an element of Aut⁺(f) of infinite order.

ii. Aut⁺(f) = {±(τ_{f,N})^m | m ∈ Z}.


Proof. i. That τ_{f,N} is a proper automorphism of f is an immediate consequence
of Lemma 9.2. Because R^N f = f, we have (τ_{f,N})^m = τ_{f,mN} for every
m ≥ 0 ∈ Z. An easy induction shows that τ_{f,n} ≠ I for n > 0. Therefore, τ_{f,N}
has infinite order.

ii. We have only to refine a bit the case f = g of the proof of Theorem 6.5iii
given in Section 8, to which we will refer.

Let f be reduced, let Ω = Ω' = Ω(f), and let τ ∈ Aut⁺(f). Define
γ ∈ SL_2(Z) by (8.5). As in the proof of Theorem 6.5iii we can conclude that γ
satisfies 7.5A, B, or C.

If γ satisfies 7.5A, then $\tau = \pm\begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}$.

Suppose that γ satisfies 7.5B, so that γ = ±S(d_0)S(d_1) ⋯ S(d_{n−1}). As in the
proof of Theorem 6.5iii we find that |Ω| = (d_0, …, d_{n−1}, |Ω|) and R^n f = f.
Lemmas 7.3 and 9.3i imply that d_i = k_i for all i; thus σ_{f,n} = S(d_0)S(d_1) ⋯
S(d_{n−1}) = ±γ. A comparison of (8.5) and Lemma 9.3ii shows that τ = ±τ_{f,n}.
The equation R^n f = f together with the minimality property of N prove that
n = mN for some integer m > 0. Therefore, τ = ±τ_{f,mN} = ±(τ_{f,N})^m.

If γ satisfies 7.5C, then the argument of the previous paragraph applied to
γ^{-1} shows that τ^{-1} = ±(τ_{f,N})^m for some integer m > 0.

The proof of Theorem 9.4ii is complete. ∎


Corollary 9.5. Let f be an integral binary quadratic form of positive nonsquare
discriminant.

i. Aut⁺(f) ≅ {±1} × Z.

ii. Let M > 0 be such that R^M f is reduced and let N > M be the smallest
integer greater than M such that R^N f = R^M f.

Then Aut⁺(f) = {±(τ_{f,N} τ_{f,M}^{-1})^m | m ∈ Z}.


Proof. i. If f is reduced, then the map φ: {±1} × Z → Aut⁺(f) given by
φ(ε, m) = ε(τ_{f,N})^m with N as in Theorem 9.4 is an isomorphism.

If γf is reduced where γ ∈ SL_2(Z), then Aut⁺(f) = γ^{-1} Aut⁺(γf) γ ≅
{±1} × Z. This establishes Corollary 9.5i in general since for every f, by
Theorem 6.3i, there exists γ ∈ SL_2(Z) such that γf is reduced.

ii. Take γ = τ_{f,M}^{-1}, so that γf = R^M f. The desired result follows from part i
applied to R^M f and the observation that τ_{f,M} ∘ τ_{R^M f, N−M} = τ_{f,N}. ∎


As an example we determine Aut⁺(f) for f = 19X² − Y². We must
compute the sequence R^n f = [a_n, b_n, c_n] until it begins to repeat, keeping track
of the integers δ_n = (b_n + b_{n+1})/2c_n, as follows.


n      0    1    2    3    4    5    6    7
a_n   19   −1    3   −5    2   −5    3   −1
b_n    0    8    4    6    6    4    8    8
c_n   −1    3   −5    2   −5    3   −1    3
δ_n   −4    2   −1    3   −1    2   −8


The table shows that we may take M = 1, N = 7 in Corollary 9.5ii. Therefore,
Aut⁺(f) = {±P^m | m ∈ Z}, where

$$P = \tau_{f,7}\,\tau_{f,1}^{-1} = \begin{pmatrix} -1421 & -170 \\ 326 & 39 \end{pmatrix}\begin{pmatrix} 4 & 1 \\ -1 & 0 \end{pmatrix}^{-1} = \begin{pmatrix} -170 & 741 \\ 39 & -170 \end{pmatrix}.$$


From Definition 5.2 and Theorem 5.3 we find that Pell⁺(76) =
{±(−170, 39)^m | m ∈ Z}, thus solving the Pell equation X² − 19Y² = 1 by
reduction techniques.
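
The table and the matrix P can be recomputed mechanically. The Python below is an added example, not code from the book. It assumes Gauss's right-neighbor rule for R (a' = c, b + b' ≡ 0 (mod 2a'), √Δ − |2a'| < b' < √Δ, since Definition 6.1 is not reproduced in this section), the matrix T(δ) with rows (−δ, 1) and (−1, 0), and the action (γf)(x, y) = f(rx + ty, sx + uy) for γ with rows (r, s) and (t, u).

```python
from math import isqrt

def right_neighbor(form, disc):
    """Assumed rule for R[a,b,c] = [c,b',c']: b + b' = 0 (mod 2c) and
    sqrt(disc) - |2c| < b' < sqrt(disc)."""
    a, b, c = form
    m = abs(2 * c)
    s = isqrt(disc)                 # floor(sqrt(disc)); disc is nonsquare
    b2 = s - ((s + b) % m)          # largest b' <= s with b' = -b (mod m)
    return (c, b2, (b2 * b2 - disc) // (4 * c))

def cycle(form):
    """Iterate R until a form repeats. Returns (forms, deltas, M, N) with
    R^N f = R^M f and deltas[n] = (b_n + b_{n+1}) / (2 c_n)."""
    a, b, c = form
    disc = b * b - 4 * a * c
    if disc <= 0 or isqrt(disc) ** 2 == disc:
        raise ValueError("discriminant must be positive and nonsquare")
    forms, seen = [form], {form: 0}
    while True:
        nxt = right_neighbor(forms[-1], disc)
        forms.append(nxt)
        if nxt in seen:
            break
        seen[nxt] = len(forms) - 1
    M, N = seen[nxt], len(forms) - 1
    deltas = [(forms[n][1] + forms[n + 1][1]) // (2 * forms[n][2])
              for n in range(N)]
    return forms, deltas, M, N

def mul(A, B):
    """Product of two 2 x 2 integer matrices stored as tuples of rows."""
    return tuple(tuple(sum(A[i][k] * B[k][j] for k in range(2))
                       for j in range(2)) for i in range(2))

def T(delta):
    return ((-delta, 1), (-1, 0))

def inverse(A):
    (a, b), (c, d) = A
    det = a * d - b * c             # +1 or -1 for a matrix in GL_2(Z)
    return ((d * det, -b * det), (-c * det, a * det))

def tau(deltas):
    """T(delta_0) T(delta_1) ... T(delta_{n-1}) as in Definition 9.1."""
    P = ((1, 0), (0, 1))
    for d in deltas:
        P = mul(P, T(d))
    return P

def act(g, form):
    """Coefficients of (g f)(x, y) = f(r x + t y, s x + u y) (assumed action)."""
    (r, s), (t, u) = g
    a, b, c = form
    return (a * r * r + b * r * s + c * s * s,
            2 * a * r * t + b * (r * u + s * t) + 2 * c * s * u,
            a * t * t + b * t * u + c * u * u)

def automorphism_generator(form):
    """P = tau_{f,N} tau_{f,M}^{-1} as in Corollary 9.5ii."""
    forms, deltas, M, N = cycle(form)
    return mul(tau(deltas[:N]), inverse(tau(deltas[:M])))

if __name__ == "__main__":
    f = (19, 0, -1)                 # 19X^2 - Y^2, discriminant 76
    forms, deltas, M, N = cycle(f)
    for n, row in enumerate(forms):
        print(n, row, deltas[n] if n < N else "")
    P = automorphism_generator(f)
    print("M, N =", M, N, " P =", P, " P f =", act(P, f))
```

The first column of P gives the Pell solution read off in the text.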


Exercises 
1. Let f be an integral binary form of positive nonsquare discriminant and let
n > 0. Prove that τ_{f,n} ≠ I.


2. Show that 


(Pn Pa-1 Py. Da\ fo. 4 
T(6,)T(6,) T(6,) = bs ame where ps aed = | ~ 5) 
and p; = —(6;p;-, + P;-2) and q; = —(6;4;-; + 9;-2) for i > 1. 
3. Determine Aut⁺(f) for f = 9X² + 16XY + 6Y²; for f = 31X² − Y².


4. Let f = [a, b, c] be a reduced integral form of positive nonsquare discriminant,
let N > 0 be the smallest positive integer such that |Ω(R^N f)| = |Ω(f)|,
and let Aut^±(f) = {γ ∈ GL_2(Z) | γf = det(γ)f}, as in Exercise 5.4.
i. Show that τ_{f,N} f = f if N is even and that τ_{f,N}[a, −b, c] = −f if N is
odd.
ii. Prove that Aut^±(f) = Aut⁺(f) = {±(τ_{f,N})^m | m ∈ Z} if N is even and

that wef) ={+(1.0(7} °)) Ime zh it Wis odd 


5. Let f be an integral form of positive nonsquare discriminant. Let M > 0
be such that R^M f is reduced and let N > M be the smallest integer greater
than M such that |Ω(R^N f)| = |Ω(R^M f)|.


i. Prove that @af*(f) = (+(4,0(% can Im © Z}\, where p = 
ape. 

ii. Determine »/u/*(X* + XY — 18Y*}. Compute the fundamental 
unit €53. 


CHAPTER 5 
The Class Group and Genera 


1. Introduction 


The final theorem of this book is another theorem of Gauss. 


Theorem 1.1. Three Squares Theorem. Every positive integer m has a unique
expression m = 4^a u, where a and u are integers and 4 ∤ u. The following two
conditions are equivalent.


1. X² + Y² + Z² = m has a solution in integers X, Y, Z.
2. u ≢ 7 (mod 8) (i.e., u ≡ 1, 2, 3, 5, or 6 (mod 8)).


Surprisingly, Gauss’s proof of the Three Squares Theorem 1.1 depends 
largely on the theory of binary quadratic forms, the forms in just two variables 
we have long been studying. The key fact here was also discovered by Gauss. 


Theorem 1.2. The set of proper equivalence classes of primitive integral binary
quadratic forms of fixed nonzero discriminant Δ can be given the structure of
finite abelian group in such a way that the following is true:

If two classes 𝒞_1 and 𝒞_2 represent integers m_1 and m_2, respectively, then
the product class 𝒞_1𝒞_2 represents the product m_1m_2.


Theorem 1.2 suggests the existence of something like a homomorphism 
from the group of proper equivalence classes of primitive forms to the sets of 
integers represented by the forms in the classes. The working out of this idea 
amounts to Gauss’s construction of the theory of genera of binary forms. 
Roughly speaking, the sets of integers represented by the forms are replaced
by the sets of congruence classes mod the discriminant to which the represented
integers belong. Two primitive forms of the same discriminant Δ are in
the same genus if they represent integers in the same congruence classes
mod Δ. The genera can be described completely.

Let f and g be primitive forms of the same discriminant Δ that do not
belong to the same genus. Then no prime number that is represented by f is
congruent mod Δ to a prime that is represented by g. Should Δ be such that
distinct equivalence classes of primitive forms of discriminant Δ belong to
distinct genera, i.e., just one class in each genus, then the question of which
primes can be represented by a given form of discriminant Δ can be answered
completely with congruence conditions mod Δ. This is the case, for example,
with Δ = −20, where there are exactly two classes and two genera, represented
by X² + 5Y² and 2X² + 2XY + 3Y².

We will construct the class group of Theorem 1.2 in Section 2. 

The facts of genus theory will be stated in Section 3. The proofs will be the 
concern of Sections 4—7. Along the way, in Section 4, we present Gauss’s 
second proof of the Law of Quadratic Reciprocity. 

The proof of Theorem 1.1 will come in Section 8, which is the final section 
of this book. 


Exercises 


1. Prove the implication 1 ⇒ 2 of Theorem 1.1.


2. Let m be a positive integer. Deduce from Theorem 1.1 that if there exist
p, q, r ∈ Q such that p² + q² + r² = m, then there exist x, y, z ∈ Z such
that x² + y² + z² = m.


2. The Class Group 


The theory to be presented rests on an identity that generalizes the product 
formula for sums of two squares. Though perhaps difficult to discover, it is 
easy to verify. 


Basic Identity 2.1.

$$(a_1x_1^2 + bx_1y_1 + a_2cy_1^2)(a_2x_2^2 + bx_2y_2 + a_1cy_2^2) = a_1a_2X^2 + bXY + cY^2,$$

where X = x_1x_2 − cy_1y_2 and Y = a_1x_1y_2 + a_2y_1x_2 + by_1y_2.

In the remainder of this section we will be concerned only with integral
binary forms of a nonzero discriminant Δ, which we fix once for all. We will
sometimes write [a, b, c] for the form aX² + bXY + cY². The notation can be
abbreviated to [a, b, *] when a ≠ 0, for then c is determined by the discriminant
equation Δ = b² − 4ac.


Definition 2.2. Two integral binary forms f_1 = [a_1, b_1, c_1] and f_2 = [a_2, b_2, c_2]
of discriminant Δ are concordant iff the following three conditions are met.

i. a_1a_2 ≠ 0.

ii. b_1 = b_2.

iii. a_1 | c_2 and a_2 | c_1.

The composition f_1 * f_2 of two such concordant forms f_1 and f_2 of discriminant
Δ is defined to be the form [a_1a_2, b, c], where b = b_1 = b_2 and
c = c_1/a_2 = c_2/a_1. Since f_1 * f_2 has discriminant Δ, we can write
[a_1, b, *] * [a_2, b, *] = [a_1a_2, b, *].


Note that condition i of the definition of concordant forms is automatically
fulfilled in case the discriminant Δ is not a square. Moreover, condition iii
follows from i and ii in case GCD(a_1, a_2) = 1, since then the discriminant
equation implies that a_1c_1 = a_2c_2.

The definitions of concordance and composition have been made just so 
that the following product rule will hold. 


Proposition 2.3. If concordant forms f_1 and f_2 represent integers m_1 and m_2,
respectively, then the composition form f_1 * f_2 represents the product m_1m_2.


Proof. Immediate consequence of the Basic Identity 2.1. ∎


Note that the composition of two primitive concordant forms is also a 
primitive form. It was one of Gauss’s greatest discoveries that composition can 
be used to define a binary operation on the set of proper equivalence classes of 
primitive binary forms of fixed discriminant which makes the set into an 
abelian group. The remainder of Section 2 will show how this is done. We will 
write f ~ g to indicate that two forms f and g are properly equivalent. 

We begin with a useful lemma. 


Lemma 2.4. Let f = [a, b, c] be a primitive form and let M be a nonzero
integer. Then f represents a nonzero integer that is relatively prime to M.


Proof. Write 2M = ±∏m_i ∏p_j ∏q_k, where the m_i, p_j, q_k are primes such
that m_i ∤ a, p_j | a and p_j ∤ c, and q_k | a and q_k | c. Let r = ∏p_j and let s =
∏m_i. Using the fact that q_k ∤ b because f is primitive, one sees that
GCD(f(r, s), 2M) = 1. ∎
Lemma 2.5. Let 𝒞_1 and 𝒞_2 be proper equivalence classes of primitive
forms of discriminant Δ ≠ 0. Let M ≠ 0 ∈ Z. Then there exists a pair of
concordant forms f_j = [a_j, b, *] ∈ 𝒞_j such that GCD(a_1, a_2) = 1 and
GCD(a_1a_2, M) = 1.


Proof. To begin with, choose F_1 = [a_1, b_1, *] ∈ 𝒞_1 such that a_1 ≠ 0 and
GCD(a_1, M) = 1. To do this, let f be any element of 𝒞_1. Let r, s be a pair of
relatively prime integers such that a_1 = f(r, s) ≠ 0 and GCD(a_1, M) = 1.
The pair r, s can be taken, for instance, as in the proof of Lemma 2.4. Let
t, u ∈ Z be such that $\gamma = \begin{pmatrix} r & s \\ t & u \end{pmatrix} \in SL_2(\mathbb{Z})$. Then F_1 = γf = [a_1, b_1, *] is as
desired.

Similarly, choose F_2 = [a_2, b_2, *] ∈ 𝒞_2 such that a_2 ≠ 0 and GCD(a_2,
a_1M) = 1.

Next find integers n_1, n_2 such that b_1 + 2a_1n_1 = b_2 + 2a_2n_2. This equation
can be written a_1n_1 − a_2n_2 = (b_2 − b_1)/2. Solutions n_j exist because
b_1 ≡ Δ ≡ b_2 (mod 2) and GCD(a_1, a_2) = 1. It is clear that the forms

$$f_j = \begin{pmatrix} 1 & 0 \\ n_j & 1 \end{pmatrix} F_j = [a_j, b, *]$$

with b = b_j + 2a_jn_j are concordant forms as demanded in the statement of
the lemma. ∎


Proposition 2.6. Let 𝒞_1 and 𝒞_2 be proper equivalence classes of primitive
forms of discriminant Δ ≠ 0. Let f_j ∈ 𝒞_j be a pair of concordant forms and
let g_j ∈ 𝒞_j be a second pair of concordant forms. Then f_1 * f_2 is properly
equivalent to g_1 * g_2.


Proof. Write f_j = [a_j, b, c_j] and g_j = [a'_j, b', c'_j].
The proof will advance in stages.


Stage 1. f_1 = g_1 and GCD(a_1, a'_2) = 1.

Then f_1 is concordant with both f_2 and g_2, and we are to prove that
f_1 * f_2 ~ f_1 * g_2.

Let $\gamma = \begin{pmatrix} r & s \\ t & u \end{pmatrix} \in SL_2(\mathbb{Z})$ be such that γf_2 = g_2. The equivalent matrix
equation is

$$\gamma\begin{pmatrix} a_2 & b/2 \\ b/2 & c_2 \end{pmatrix} = \begin{pmatrix} a'_2 & b/2 \\ b/2 & c'_2 \end{pmatrix}(\gamma^{t})^{-1}.$$

The above-diagonal component of this equation gives −sc_2 = ta'_2. Since f_1 is
concordant with f_2, a_1 divides c_2. Thus a_1 | ta'_2, whence it follows that a_1 | t.
Thus

$$\gamma' = \begin{pmatrix} r & sa_1 \\ t/a_1 & u \end{pmatrix} \in SL_2(\mathbb{Z}).$$

Stage 1 is completed with the observation that γ'(f_1 * f_2) = f_1 * g_2.


Stage 2. b = b' and GCD(a_1, a'_2) = 1.
The hypotheses of Stage 2 imply that f_1 and g_2 are concordant. Two
applications of Stage 1 show that f_1 * f_2 ~ f_1 * g_2 ~ g_1 * g_2.


Stage 3. GCD(a_1a_2, a'_1a'_2) = 1.
Let B, n, n' ∈ Z be such that b + 2a_1a_2n = b' + 2a'_1a'_2n' = B.
Set

$$F_1 = \begin{pmatrix} 1 & 0 \\ a_2n & 1 \end{pmatrix} f_1 = [a_1, B, *] \in \mathcal{C}_1$$

and

$$F_2 = \begin{pmatrix} 1 & 0 \\ a_1n & 1 \end{pmatrix} f_2 = [a_2, B, *] \in \mathcal{C}_2.$$

Let $H_1 = \begin{pmatrix} 1 & 0 \\ n & 1 \end{pmatrix}(f_1 * f_2) = [a_1a_2, B, *]$. The discriminant equation applied to
H_1 shows that a_1a_2 | (B² − Δ)/4. From the discriminant equations for F_1 and
F_2 it then follows that F_1 and F_2 are concordant.

Similarly, the forms G_j = [a'_j, B, *] ∈ 𝒞_j are concordant and H_2 =
[a'_1a'_2, B, *] ~ g_1 * g_2.

Stage 2 applies to the four forms F_j, G_j ∈ 𝒞_j. We conclude that f_1 * f_2 ~ H_1
= F_1 * F_2 ~ G_1 * G_2 = H_2 ~ g_1 * g_2.


Final Stage. The General Statement.

By Lemma 2.5, there are concordant forms F_j = [A_j, B, *] ∈ 𝒞_j such that
GCD(A_1A_2, a_1a_2a'_1a'_2) = 1. Two applications of Stage 3 prove that f_1 * f_2 ~
F_1 * F_2 ~ g_1 * g_2. ∎


By Lemma 2.5 and Proposition 2.6, composition of concordant forms gives
a well-defined binary operation, called composition or product, on the set of
proper equivalence classes of primitive forms of fixed nonzero discriminant.
To be explicit, let 𝒞_1 and 𝒞_2 be two proper equivalence classes of primitive
forms of discriminant Δ ≠ 0. Let f_j ∈ 𝒞_j be a pair of concordant forms. Then
the composition 𝒞_1𝒞_2 of 𝒞_1 and 𝒞_2 is defined to be the proper equivalence
class of the form f_1 * f_2.

Definition 2.7. The principal class 𝒞_0 of a nonzero discriminant Δ is the
proper equivalence class of the principal form f_0 that is defined by the formula

$$f_0(X, Y) = \begin{cases}
X^2 + XY + \dfrac{1 - \Delta}{4}\,Y^2 & \text{if } \Delta \text{ is odd} \\[6pt]
X^2 - \dfrac{\Delta}{4}\,Y^2 & \text{if } \Delta \text{ is even}
\end{cases}$$


Definition 2.8. A gaussian form is an integral binary quadratic form of 
nonzero discriminant A that is primitive and, if A < 0, is positive definite. 

A proper equivalence class of forms is gaussian iff it contains gaussian 
forms. 

Note that every form in a gaussian class is gaussian. 


We can now state and prove the central result of this chapter.


Theorem 2.9. Let Δ be a nonzero discriminant.

i. The set of proper equivalence classes of primitive integral binary quadratic
forms of discriminant Δ is a finite abelian group under composition of classes.

The identity element in the group is the principal class. 

The inverse in the group of the class of a primitive form f is the class of 
any form that is improperly equivalent to f. 

ii. The set of gaussian proper equivalence classes of discriminant A is a 
subgroup. 


Proof. i. Commutativity of composition of classes. Clear from the Definition 2.2
of composition of concordant forms.

Identity element. Let 𝒞 be a proper equivalence class as in the statement of
the theorem and let [a, b, *] ∈ 𝒞, where a ≠ 0. Since b ≡ Δ (mod 2), we find
that f_0 ~ [1, b, *]. Thus 𝒞_0𝒞 is the class of [1, b, *] * [a, b, *] = [a, b, *] ∈ 𝒞. Thus
𝒞_0 is an identity element for composition of classes.

Inverses. Let 𝒞 be a class. There is a form [a, b, c] ∈ 𝒞 such that ac ≠ 0,
for we can take a ≠ 0 by Lemma 2.4 and then consider $\begin{pmatrix} 1 & 0 \\ n & 1 \end{pmatrix}[a, b, *]$ for
suitable n. Every form that is improperly equivalent to a form in 𝒞 is properly
equivalent to $\begin{pmatrix} 0 & 1 \\ 1 & 0 \end{pmatrix}[a, b, c] = [c, b, a]$, which is concordant with [a, b, c]. We
compute the composition [a, b, c] * [c, b, a] = [ac, b, 1] ~ f_0. Thus the class of
[c, b, a] is inverse to the class 𝒞.

Associativity. Let 𝒞_1, 𝒞_2, and 𝒞_3 be any three classes. The trick here is to
produce forms f_j = [a_j, B, *] ∈ 𝒞_j such that the coefficients a_j are nonzero
and pairwise relatively prime. To do this, invoke Lemma 2.5 to begin with
forms g_j = [a_j, b_j, *] ∈ 𝒞_j such that a_1a_2a_3 ≠ 0 and GCD(a_1, a_2) =
GCD(a_1a_2, a_3) = 1. Then take

$$f_j = \begin{pmatrix} 1 & 0 \\ n_j & 1 \end{pmatrix} g_j,$$

where the integers n_j satisfy an equation b_j + 2a_jn_j = B for some integer
B independent of j. Such integers n_j always exist since the a_j are pairwise
relatively prime and the b_j have the same parity (exercise). Finally we
can compute (f_1 * f_2) * f_3 = [a_1a_2, B, *] * [a_3, B, *] = [a_1a_2a_3, B, *] =
f_1 * (f_2 * f_3). Thus composition of classes is associative.

Thus composition of classes is a group law. The group is finite by Corollary
8.4 and Exercise 8.8 of Chapter 2 and Corollary 6.4 of Chapter 4.

ii. There is nothing to prove unless Δ < 0. The result for negative discriminants
is clear from Definition 2.2 since then [a, b, *] is positive definite if and
only if a > 0. ∎


Definition 2.10. The class group 𝒞ℓ(Δ) is defined for nonzero discriminants Δ
to be the group of gaussian proper equivalence classes of discriminant Δ under
composition of classes.


The proofs of Lemmas 2.4 and 2.5 actually give a method for calculating
the composition of classes. We close this section with an example. We
determine 𝒞ℓ(−39).

By Theorem 8.7 of Chapter 2 the elements of 𝒞ℓ(−39) will correspond to
the reduced gaussian forms of discriminant −39. It is easy to list them all:
f_0 = [1, 1, 10], f_1 = [2, 1, 5], f_2 = [3, 3, 4], and f_3 = [2, −1, 5]. Thus 𝒞ℓ(−39) is
a group of order 4.

Let 𝒞_j be the proper equivalence class of f_j. Since $f_3 = \begin{pmatrix} 1 & 0 \\ 0 & -1 \end{pmatrix} f_1$, f_3 and
f_1 are improperly equivalent. Hence 𝒞_1^{-1} = 𝒞_3. Since 𝒞_1 is not self-inverse it
cannot have order 2. Thus 𝒞_1 is a generator of 𝒞ℓ(−39), which is cyclic:
𝒞_1^j = 𝒞_j.

Alternatively, compute 𝒞_1² directly: [2, 1, 5] ~ [5, −1, 2],
$\begin{pmatrix} 1 & 0 \\ 2 & 1 \end{pmatrix}[2, 1, *] = [2, 9, *]$ and $\begin{pmatrix} 1 & 0 \\ 1 & 1 \end{pmatrix}[5, -1, *] = [5, 9, *]$. Thus 𝒞_1² is the class of [2, 9, *] *
[5, 9, *] = [10, 9, *] ~ f_2. Therefore, 𝒞_1² = 𝒞_2.
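
The recipe of Lemmas 2.4 and 2.5 can be carried out by machine for negative discriminants. The Python below is an added example, not code from the book. It assumes the usual reduction conditions for positive definite forms (−a < b ≤ a ≤ c, with b ≥ 0 when a = c) and finds a value coprime to a_1 by a bounded search rather than by the factorization used in the proof of Lemma 2.4.

```python
from math import gcd

def discriminant(f):
    a, b, c = f
    return b * b - 4 * a * c

def reduce_form(f):
    """Reduce a positive definite form using only proper equivalences."""
    a, b, c = f
    while True:
        if a > c or (a == c and b < 0):
            a, b, c = c, -b, a                  # f(y, -x), determinant +1
        elif not (-a < b <= a):
            n = (a - b) // (2 * a)              # shift b into (-a, a]
            b, c = b + 2 * a * n, a * n * n + b * n + c
        else:
            return (a, b, c)

def egcd(a, b):
    """Return (1, x, y) with a*x + b*y = 1 for coprime a, b."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q = a // b
        a, b = b, a - q * b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return (a, x0, y0) if a > 0 else (-a, -x0, -y0)

def coprime_representative(f, M, bound=64):
    """[a', b'] of a form properly equivalent to f with GCD(a', M) = 1,
    obtained as gamma f for gamma = (r s; t u) in SL_2(Z) with a' = f(r, s)."""
    a, b, c = f
    for n in range(1, bound + 1):
        for r in range(-n, n + 1):
            for s in range(0, n + 1):
                if max(abs(r), s) != n or gcd(r, s) != 1:
                    continue
                lead = a * r * r + b * r * s + c * s * s
                if lead != 0 and gcd(lead, M) == 1:
                    _, x, y = egcd(r, s)        # r*x + s*y = 1
                    t, u = -y, x                # so r*u - s*t = 1
                    mid = 2 * a * r * t + b * (r * u + s * t) + 2 * c * s * u
                    return lead, mid
    raise ValueError("no coprime value found within the search bound")

def compose(f1, f2):
    """Reduced form in the product of the classes of f1 and f2 (gaussian
    forms of the same negative discriminant)."""
    D = discriminant(f1)
    if D >= 0 or discriminant(f2) != D:
        raise ValueError("need two forms of the same negative discriminant")
    a1, b1, _ = f1
    a2, b2 = coprime_representative(f2, a1)
    # Solve b1 + 2*a1*n1 = b2 + 2*a2*n2 for the common middle coefficient B.
    inv = pow(a1, -1, a2) if a2 > 1 else 0
    n1 = ((b2 - b1) // 2) * inv % a2
    B = b1 + 2 * a1 * n1
    return reduce_form((a1 * a2, B, (B * B - D) // (4 * a1 * a2)))

def reduced_forms(D):
    """All reduced gaussian forms of negative discriminant D."""
    out, a = [], 1
    while 3 * a * a <= -D:
        for b in range(-a + 1, a + 1):
            if (b * b - D) % (4 * a) == 0:
                c = (b * b - D) // (4 * a)
                if c >= a and not (c == a and b < 0) and gcd(gcd(a, b), c) == 1:
                    out.append((a, b, c))
        a += 1
    return out

def order(f):
    """Order of the class of f in the class group."""
    D = discriminant(f)
    principal = reduce_form((1, D % 2, (D % 2 - D) // 4))
    g, n = reduce_form(f), 1
    while g != principal:
        g, n = compose(g, f), n + 1
    return n

if __name__ == "__main__":
    for f in reduced_forms(-39):
        print(f, "order", order(f), "square", compose(f, f))
```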


Exercises 


1. Let Δ = b² − 4a_1a_2c. Express (a_1x_1 + ((b + √Δ)/2)y_1)(a_2x_2 +
((b + √Δ)/2)y_2) in the form a_1a_2X + ((b + √Δ)/2)Y. Compare with the
Basic Identity 2.1.

2. Prove that there is just one proper equivalence class of forms of a given
discriminant that represents 1, namely the principal class.


3. i. Let M and N be positive integers. Write N = ∏p_i ∏q_j, where the p_i
and q_j are primes such that p_i | M and q_j ∤ M. Let N_0 = N and let
N_{k+1} = N_k/GCD(N_k, M) for k ≥ 0. Show that there exists k such
that N_k = N_{k+1}, from which it follows that N_k = ∏q_j.


ii. Show that the integers r and s in the proof of Lemma 2.4 can be found
from the data M, a, c without factoring.


4. Prove the existence of the integers n_j appearing in the proof of associativity
in Theorem 2.9i.


5. Prove that X² + 5Y² represents the product mn of any two integers m
and n that are represented by 2X² + 2XY + 3Y².


6. Prove that X² + XY + 4Y² represents the product mn of any two
integers m and n that are represented by 2X² + XY + 2Y².


7. List all reduced gaussian forms of discriminant −55. Determine the group
structure on this set.


8. Determine 𝒞ℓ(Δ) for Δ = −84, −47, −87, −95, −163.

9.


i. Let A be a nonzero discriminant and let @,, @, € @¢(A). Let f; = 
[a,;,b,, *] © @, and let F € @,€,. Show that there exist 2 x 2 matrices 
A =(a;,) and B= (6,;) with entnes a;,, 5b; Z such that 


fix, y)f,(u, v) = F(X, Y), where X = (x y)A(“) = A,,Xu + ay xv 


+ ady,yu + ay, yv, Y = (x y)B(*), det($ i |= a,, and 


ay, yy 
composition of the forms f, and f, iff there exist A and B giving such 
an identity relating f,, f,, and F. This definition is natural and quite 


important, but it is somewhat difficult to show that it leads to a group 
law on @7(A),.) 


det =a pe) a,. (Note: Gauss actually defines a form F to be a 


ii. Find A and B as in i for
a. f_1 = f_2 = 2X² + XY + 2Y² and F = X² + XY + 4Y².
b. f_1 = f_2 = 2X² + 2XY + 3Y² and F = X² + 5Y².
c. f_1 = f_2 = 2X² + XY + 3Y² and F = 2X² − XY + 3Y².


10. Let k be an integer greater than 3 that is congruent to 3 (mod 8). Prove
that [4, 2, (k + 1)/4] ∈ 𝒞ℓ(−4k) has order 3.


11. Prove that [2, 1, k] ∈ 𝒞ℓ(1 − 8k) has order at least 5 for k > 9. (Suggestion.
Show that [2, 1, 2r]² ~ [4, 1, r] and that [2, 1, 2r + 1]² ~ [4, −3,
r + 1].) What is the order for 1 < k < 8?


12. Let Δ be a negative discriminant. Show that the group of all proper
equivalence classes of primitive forms of discriminant Δ is isomorphic to
{±1} × 𝒞ℓ(Δ).


13. Let m be a positive integer. Prove that the map f(aX² + mXY) = a
induces an isomorphism f: 𝒞ℓ(m²) → U_m. (See Exercise 8.8 of Chapter 2.)


14. Show that composition is a well-defined binary operation on equivalence
classes of primitive forms of discriminant Δ ≠ 0 (as opposed to proper
equivalence classes) if and only if 𝒞² = 𝒞_0 for every 𝒞 ∈ 𝒞ℓ(Δ).


15. i. Let n ≠ 0 ∈ Z and let (u_1, u_2, u_3), (v_1, v_2, v_3) ∈ Z³. Suppose that
GCD(u_1, u_2, u_3) = 1 and u_iv_j ≡ u_jv_i (mod n) for all i and j. Prove
that there exists x ∈ Z such that u_ix ≡ v_i (mod n) for all i = 1, 2, 3.

ii. Let Δ ≠ 0 be a discriminant and let f_i = [a_i, b_i, c_i], i = 1, 2, be two
integral forms of discriminant Δ. Suppose that a_1a_2 ≠ 0 and that
GCD(a_1, a_2, (b_1 + b_2)/2) = 1. Prove that there exist integers n_1 and
n_2 such that

$$\begin{pmatrix} 1 & 0 \\ n_1 & 1 \end{pmatrix} f_1 \quad\text{and}\quad \begin{pmatrix} 1 & 0 \\ n_2 & 1 \end{pmatrix} f_2$$

are concordant. (Hint: $\begin{pmatrix} 1 & 0 \\ n_i & 1 \end{pmatrix} f_i = [a_i, B, *]$, where a_1B ≡ a_1b_2, a_2B ≡
a_2b_1, and ((b_1 + b_2)/2)B ≡ (Δ + b_1b_2)/2 (mod 2a_1a_2).)


16. Let Δ be a negative discriminant and let p < |Δ|/4 be a prime number.

i. Show that p is not represented by the principal form f_0 of discriminant
Δ.

ii. Prove that |𝒞ℓ(Δ)| > 1 if either (a) p ∤ Δ and χ_Δ(p) = 1 or (b) p | Δ
and p² ∤ Δ or (c) |Δ| > 8 and Δ ≡ 8 or 12 (mod 16).

17. Let Δ be a negative discriminant such that |𝒞ℓ(Δ)| = 1. Show that:


if Δ < −8 then Δ ≡ 0, 4, 5, or 13 (mod 16)

if Δ < −12 then Δ ≡ 2 (mod 3) or 0 (mod 9)

if Δ < −20 then Δ ≡ 2 or 3 (mod 5) or 0 (mod 25)

if Δ < −28 then Δ ≡ 3, 5, or 6 (mod 7) or 0 (mod 49).

18. For x > 0 let t(x) equal the number of discriminants Δ such that
−x < Δ < 0 and |𝒞ℓ(Δ)| = 1. Prove that lim_{x→∞} t(x)/x = 0. (See Exercise
16.) In fact it is known that there are exactly 13 negative discriminants
Δ such that |𝒞ℓ(Δ)| = 1.

3. The Genus Group 


Definition 3.1. An equivalence class or proper equivalence class of integral 
forms is said to represent an integer m iff m is represented by the forms in the 
class. 


The central problem of this chapter is to describe the set of primes that are
represented by an equivalence class of forms. With the organization of the
proper equivalence classes of gaussian forms of fixed nonzero discriminant $\Delta$
into the class group $\mathcal{C}\ell(\Delta)$ we have already constructed our main tool. It
remains but to use it.

The product rule Proposition 2.3 asserts that the composition $\mathcal{C}_1\mathcal{C}_2$ of two
primitive classes $\mathcal{C}_1$ and $\mathcal{C}_2$ will represent the product $m_1 m_2$ of any two
integers $m_i$ represented by the $\mathcal{C}_i$. Thus the map that associates to each
element of $\mathcal{C}\ell(\Delta)$ the set of integers that that class represents has a
homomorphism-like property. A slight modification produces an actual group
homomorphism. We will associate to each element of $\mathcal{C}\ell(\Delta)$ certain congruence
classes mod $\Delta$ that contain integers represented by the class.


Definition 3.2. For a nonzero discriminant $\Delta$ define the subgroup $H_\Delta$ of $U_\Delta$ to
be the set of all $x \in U_\Delta$ such that


i. $(x/p) = +1$ for all odd prime divisors $p$ of $\Delta$ and

ii.
$$x \equiv \begin{cases}
1 \bmod 4 & \text{if } \Delta \equiv 12 \bmod 16 \text{ or } 16 \bmod 32 \\
1 \bmod 8 & \text{if } \Delta \equiv 0 \bmod 32 \\
1 \text{ or } 7 \bmod 8 & \text{if } \Delta \equiv 8 \bmod 32 \\
1 \text{ or } 3 \bmod 8 & \text{if } \Delta \equiv 24 \bmod 32
\end{cases}$$


Theorem 3.3. Let $\Delta$ be a nonzero discriminant.

i. Let $\mathcal{C} \in \mathcal{C}\ell(\Delta)$. Let $m, n$ be integers that are represented by $\mathcal{C}$ and are
relatively prime to $\Delta$. Then $m = n \in U_\Delta/H_\Delta$.

ii. Let $\omega_\Delta\colon \mathcal{C}\ell(\Delta) \to U_\Delta/H_\Delta$ be the function defined by $\omega_\Delta(\mathcal{C}) = m$, where
$\mathcal{C}$ and $m$ are as in i. Then $\omega_\Delta$ is a group homomorphism.

Proof. i. Write $m \equiv nx \pmod{\Delta}$. We are to prove that $x \in H_\Delta$. Since $mn \equiv xn^2$
$\pmod{\Delta}$ and $n^2 \in H_\Delta$ (because $H_\Delta$ contains all squares), it will suffice to prove
that $mn \in H_\Delta$.

Let $f$ be a form in $\mathcal{C}$, and let $r, s, t, u \in \mathbf{Z}$ be such that $f(r, s) = m$ and
$f(t, u) = n$. Let $\gamma = \begin{pmatrix} r & s \\ t & u \end{pmatrix}$. Then $\gamma f = [m, l, n]$ for some integer $l$. Equating
discriminants gives $l^2 - 4mn = \Delta X^2$, where $X = \det \gamma$. For every odd prime
divisor $p$ of $\Delta$ we have the congruence $4mn \equiv l^2 \pmod{p}$, which shows that
$(mn/p) = +1$. Thus $mn$ satisfies 3.2i.

Now suppose that $\Delta$ is even. We want to check that $mn$ satisfies condition
3.2ii. Note that $l$ is even and let $L = l/2$. Then $mn = L^2 - \Delta X^2/4$. Let
$\Delta = 2^a d$, where $d$ is odd. Since $mn$ is odd, $L$ is odd in case $a \ge 3$. All now
follows from separate consideration of the four congruences:

$$mn \equiv \begin{cases}
L^2 - dX^2 \pmod 4 & \text{if } a = 2 \\
1 - 2dX^2 \pmod 8 & \text{if } a = 3 \\
1 - 4dX^2 \pmod 8 & \text{if } a = 4 \\
1 \pmod 8 & \text{if } a \ge 5
\end{cases}$$

ii. The existence of an integer $m$ as in Theorem 3.3i is assured by Lemma
2.4. Theorem 3.3i proves that the function $\omega_\Delta$ is well defined. That $\omega_\Delta$ is a
group homomorphism follows trivially from the product rule Proposition 2.3. ∎


Definition 3.4. The gauss symbol $\omega_\Delta$ is defined for nonzero discriminants $\Delta$ to
be the homomorphism $\omega_\Delta\colon \mathcal{C}\ell(\Delta) \to U_\Delta/H_\Delta$ that is constructed in Theorem
3.3.


Definition 3.5. The genus group (group of genera) $\mathcal{G}en(\Delta)$ is defined for
nonzero discriminants $\Delta$ to be the quotient group $\mathcal{G}en(\Delta) = \mathcal{C}\ell(\Delta)/(\ker \omega_\Delta)$.

The identity element $\mathcal{G}_0$ in $\mathcal{G}en(\Delta)$ is called the principal genus. Thus a
gaussian proper equivalence class $\mathcal{C}$ and the forms it contains are said to
belong to the principal genus iff $\omega_\Delta(\mathcal{C}) = 1$.


Explicit computation of the Gauss symbol $\omega_\Delta$ for a nonsquare $\Delta$ yields
information on the representability of prime numbers by forms of discriminant
$\Delta$ which sometimes refines that given by the Kronecker symbol $\chi_\Delta$.
Gauss determined both the image and kernel of $\omega_\Delta$ in brilliant sections of his
Disquisitiones. We conclude this section with an introduction to these topics
and an example.

Let $\Delta$ be a nonsquare discriminant. The kernel of the Kronecker symbol $\chi_\Delta$
contains the congruence classes of primes that can be represented by primitive
forms of discriminant $\Delta$. The image of the gauss symbol $\omega_\Delta$ is given by the
congruence classes of integers that can be represented by primitive forms of
discriminant $\Delta$. It is perhaps not surprising that the image of $\omega_\Delta$ and the
kernel of $\chi_\Delta$ are equal. That is our next result.


Theorem 3.6. Let $\Delta$ be a nonsquare discriminant.
i. $H_\Delta \subset \ker \chi_\Delta$.
ii. $\operatorname{im} \omega_\Delta = (\ker \chi_\Delta)/H_\Delta$.
iii. $\mathcal{G}en(\Delta) \cong (\ker \chi_\Delta)/H_\Delta$.


Proof. i. Let $\Delta = 2^a d$, where $d$ is odd and let $x \in H_\Delta$. The condition 3.2i of
the definition of $H_\Delta$ evaluates the Jacobi symbol $(x/|d|) = 1$.

If $\Delta$ is odd, then $\chi_\Delta(x) = (x/|d|) = 1$.

If $\Delta$ is even, then

Kaley CST EON) (x/al) (=e 7x)". 


It is easy to check, using Definition 3.2ii, that both factors in the final product
for $\chi_\Delta(x)$ equal 1 except when $\Delta \equiv 24 \pmod{32}$ and $x \equiv 3 \pmod 8$, in which
case both factors equal $-1$. In all cases, $\chi_\Delta(x) = 1$.

ii. We prove first that $\operatorname{im} \omega_\Delta \subset (\ker \chi_\Delta)/H_\Delta$.

Let $\mathcal{C} \in \mathcal{C}\ell(\Delta)$ and let $m$ be an odd integer relatively prime to $\Delta$ that is
represented by $\mathcal{C}$. We can assume that $m > 0$. If $\Delta < 0$, this is automatic
because then $\mathcal{C}$ is positive definite. If $\Delta > 0$, then it is easy to see that the
principal class in $\mathcal{C}\ell(\Delta)$ represents negative odd integers relatively prime to $\Delta$
and so the product rule Proposition 2.3 can be used to insure that $m > 0$.
Let $f \in \mathcal{C}$ and let $r, s \in \mathbf{Z}$ be such that $f(r, s) = m$. After replacing $r$, $s$,
and $m$ by $r/g$, $s/g$, and $m/g^2$, where $g = \mathrm{GCD}(r, s)$, we may assume that
$\mathrm{GCD}(r, s) = 1$.

Let $\gamma = \begin{pmatrix} r & s \\ * & * \end{pmatrix} \in SL_2(\mathbf{Z})$. Let $\gamma f = [m, l, n]$. The discriminant equation
gives $\Delta = l^2 - 4mn \equiv l^2 \pmod{m}$. Thus $\chi_\Delta(m) = (\Delta/m) = (l/m)^2 = 1$.
Therefore, $\omega_\Delta(\mathcal{C}) = m \in \ker \chi_\Delta$.

Finally we prove that $\ker \chi_\Delta \subset \operatorname{im} \omega_\Delta$. Let $m \in \ker \chi_\Delta$. By Dirichlet's
Theorem on Primes in Arithmetic Progressions, there is a prime number $p$
such that $p \equiv m \pmod{\Delta}$. Since $\chi_\Delta(p) = 1$, by Theorem 10.1 of Chapter 3
there is a form $f$ of discriminant $\Delta$ that represents $p$. Since $p \nmid \Delta$, by
Proposition 10.4 of Chapter 3 the form $f$ is primitive. Thus $m = p = \omega_\Delta(\mathcal{C})$
$\in \operatorname{im} \omega_\Delta$, where $\mathcal{C}$ is the proper equivalence class of $f$.

iii. Fundamental Theorem of Homomorphisms. ∎

The inclusion $(\ker \chi_\Delta)/H_\Delta \subset \operatorname{im} \omega_\Delta$ of Theorem 3.6ii is a very strong
existence theorem for genera. It will play an essential part in the proof of the
Three Squares Theorem 1.1. A proof of this inclusion that does not depend on
Dirichlet's Theorem on Primes in Arithmetic Progressions will be discussed in
Section 4.


Definition 3.7. The homomorphism $sq_\Delta\colon \mathcal{C}\ell(\Delta) \to \mathcal{C}\ell(\Delta)$ is defined for
nonzero discriminants $\Delta$ by the formula $sq_\Delta(\mathcal{C}) = \mathcal{C}^2$.

The group of ambiguous classes $\mathcal{A}mb(\Delta)$ is defined to be the kernel of
$sq_\Delta$.

The group $\mathcal{S}q(\Delta)$ is defined to be the image of $sq_\Delta$. Thus $\mathcal{S}q(\Delta) =
\{\mathcal{C}^2 \mid \mathcal{C} \in \mathcal{C}\ell(\Delta)\}$.


Theorem 3.8. The Duplication Theorem. Let $\Delta$ be a nonzero discriminant.
Then $\ker \omega_\Delta = \mathcal{S}q(\Delta)$.


Start of Proof. The inclusion $\mathcal{S}q(\Delta) \subset \ker \omega_\Delta$ is trivial because every element
of $U_\Delta/H_\Delta$ has order 1 or 2. The proof of the reverse inclusion requires quite
different techniques. We begin the discussion of these in the next section. The
proof of Theorem 3.8 will be completed in Section 7. ∎


We illustrate the preceding theory by continuing the example of discriminant
$-39$ which we began in Section 2.

By Theorem 2.6 of Chapter 3, we discover that $H_{-39} = \{x^2 \mid x \in U_{39}\}$.
From this it is easy to show that $H_{-39} = \{1, 4, 10, 16, 22, 25\} \subset U_{39}$. Since a
form $[a, b, c]$ represents both $a$ and $c$, one observes that $\omega_{-39}(\mathcal{C}_0) =
\omega_{-39}(\mathcal{C}_2) = H_{-39}$ and that $\omega_{-39}(\mathcal{C}_1) = \omega_{-39}(\mathcal{C}_3) = 2H_{-39} = \{2, 5, 8,
11, 20, 32\} \subset U_{39}$. Note that these calculations verify Theorems 3.6 and 3.8 in
the case $\Delta = -39$.

Now let $p$ be a prime number other than 3 or 13. By Theorem 10.1 of
Chapter 3, $p$ is represented by a form of discriminant $-39$ if and only if
$\chi_{-39}(p) = 1$ if and only if $p$ is congruent mod 39 to an element of $H_{-39} \cup
2H_{-39}$. Taking into account the fact that $f_1$ and $f_3$ are equivalent (though not
properly equivalent) and hence represent the same integers, we learn that $p$ is
represented by $f_0$ or $f_2$ if and only if $p \equiv 1, 4, 10, 16, 22,$ or $25 \pmod{39}$ and
that $p$ is represented by $f_1$ if and only if $p \equiv 2, 5, 8, 11, 20, 32 \pmod{39}$.
Finally note that 3 and 13 are represented by $f_2$.

We have not given a congruence condition that determines which of the two
forms $f_0$ or $f_2$ represents a prime $p \in H_{-39}$, and in fact it can be proven that
no such congruence condition exists. The problem is that $\omega_{-39}(\mathcal{C}_0) =
\omega_{-39}(\mathcal{C}_2)$. The situation is nicer for discriminants $\Delta$ for which $\omega_\Delta$ is injective,
i.e., for discriminants such that there is just one equivalence class of forms in
each genus. But even for $\Delta = -39$ we have gone beyond the information
available from the Kronecker symbol.
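
The discriminant $-39$ computation can be reproduced mechanically for any negative discriminant. The Python code below is an added example, not taken from the book: it lists the reduced gaussian forms, builds $H_\Delta$ from Definition 3.2, and groups the forms into genera by their gauss symbol. The function names and the representation of a coset of $H_\Delta$ as a frozenset of residues are assumptions made for this example.

```python
from math import gcd

def odd_prime_divisors(n):
    """Distinct odd primes dividing n."""
    n, ps, p = abs(n), [], 3
    while n % 2 == 0:
        n //= 2
    while p * p <= n:
        if n % p == 0:
            ps.append(p)
            while n % p == 0:
                n //= p
        p += 2
    return ps + [n] if n > 1 else ps

def in_H(x, D):
    """Membership test for H_D as in Definition 3.2; x must be a unit mod D."""
    for p in odd_prime_divisors(D):
        if pow(x, (p - 1) // 2, p) != 1:      # Euler's criterion for (x/p) = +1
            return False
    if D % 16 == 12 or D % 32 == 16:
        return x % 4 == 1
    if D % 32 == 0:
        return x % 8 == 1
    if D % 32 == 8:
        return x % 8 in (1, 7)
    if D % 32 == 24:
        return x % 8 in (1, 3)
    return True                               # D = 1 (mod 4) or 4 (mod 16)

def H(D):
    """The subgroup H_D of the units mod |D|, as a set of residues."""
    n = abs(D)
    return {x for x in range(1, n) if gcd(x, n) == 1 and in_H(x, D)}

def reduced_forms(D):
    """Reduced primitive positive definite forms (a, b, c) with b^2 - 4ac = D < 0."""
    assert D < 0 and D % 4 in (0, 1)
    forms, a = [], 1
    while 3 * a * a <= -D:
        for b in range(-a + 1, a + 1):        # -a < b <= a
            if (b * b - D) % (4 * a):
                continue
            c = (b * b - D) // (4 * a)
            if c < a or (c == a and b < 0):   # need a <= c, and b >= 0 when a = c
                continue
            if gcd(gcd(a, b), c) == 1:
                forms.append((a, b, c))
        a += 1
    return forms

def represented_unit(form, D):
    """An integer represented by the form and prime to D (one exists by Lemma 2.4)."""
    a, b, c = form
    bound = 1
    while True:
        for x in range(bound + 1):
            for y in range(-bound, bound + 1):
                m = a * x * x + b * x * y + c * y * y
                if gcd(m, D) == 1:
                    return m
        bound += 1

def gauss_symbol(form, D):
    """omega_D of the class of the form, returned as the coset m * H_D."""
    n, m = abs(D), represented_unit(form, D)
    return frozenset(m * h % n for h in H(D))

def genera(D):
    """Map each gauss symbol value to the reduced forms of discriminant D carrying it."""
    out = {}
    for f in reduced_forms(D):
        out.setdefault(gauss_symbol(f, D), []).append(f)
    return out

def gauss_symbol_is_injective(D):
    """True when every genus of discriminant D contains exactly one class."""
    return all(len(forms) == 1 for forms in genera(D).values())

if __name__ == "__main__":
    D = -39
    print("H =", sorted(H(D)))
    for coset, forms in genera(D).items():
        print(sorted(coset), forms)
    print("omega injective:", gauss_symbol_is_injective(D))
```

For $\Delta = -39$ the output pairs $[1, 1, 10]$ with $[3, 3, 4]$ in the coset $H_{-39}$ and $[2, \pm 1, 5]$ in $2H_{-39}$, which is the situation described above where no congruence separates the two classes of the principal genus.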


Exercises 


1. Which prime numbers can be represented by $X^2 + 5Y^2$? Answer with
congruence conditions. (Compare with Exercise 10.7 of Chapter 3.)


2. List the reduced gaussian forms of discriminant $\Delta = -15$,
$-55$, $-84$, $-23$. Determine as far as possible with congruences which
primes each of these forms represents.


3. Find a nonzero discriminant $\Delta$ and a positive integer $m \in H_\Delta$ such that $m$
is not represented by any form of discriminant $\Delta$.


4. i. Let $m$ be a positive integer. Show that there is a homomorphism
$\omega\colon U_m \to U_{m^2}/H_{m^2}$ such that $\omega(a) = a$. Prove that $\omega$ is surjective and
that $\ker \omega = \{x^2 \mid x \in U_m\}$.
ii. Let $\Delta$ be a nonzero square. Prove that $\omega_\Delta\colon \mathcal{C}\ell(\Delta) \to U_\Delta/H_\Delta$ is surjective
and that $\ker \omega_\Delta = \mathcal{S}q(\Delta)$. (See Exercise 2.13.)


5. Show that the class group $\mathcal{C}\ell(\Delta)$ of a nonsquare discriminant $\Delta = \pm p^a q^b$,
$p$ and $q$ odd primes, cannot be isomorphic to $\{\pm 1\} \times \{\pm 1\}$.


6. i. Let $\Delta \equiv 1 \pmod 4$. Prove that $H_\Delta = \{x^2 \mid x \in U_\Delta\}$.
ii. Prove that $H_{4n} = \{x^2, x^2(1 - n) \mid x \in U_{4n}\} = \{x^2, x^2 - n \mid x \in U_{4n}\}$ if
$n$ is even and that $H_{4n} = \{x^2, x^2(4 - n) \mid x \in U_{4n}\} = \{x^2, 4x^2 - n \mid
x \in U_{4n}\}$ if $n$ is odd.


7. Let $a, b \in \mathbf{Z}$ be nonzero and relatively prime. Prove that the following
three assertions are equivalent. (a) There exist $\alpha, \beta \in \mathbf{Z}$ such that $\alpha^2 \equiv
a \pmod{b}$ and $\beta^2 \equiv b \pmod{a}$, and $a$ and $b$ are not both negative. (b)
$aX^2 + bY^2$ is in the principal genus of $\mathcal{C}\ell(-4ab)$. (c) There exist integers
$x, y, z$ such that $ax^2 + by^2 = z^2$ and $\mathrm{GCD}(z, 4ab) = 1$.


8. Let $\Delta$ be a nonzero discriminant. Let $\mathcal{C}\ell(\Delta) \cong A \oplus C(2)^r \oplus \bigoplus_{i=1}^{s} C(2^{m_i})$,
where $A$ has odd order, $C(n)$ denotes a cyclic group of order $n$, $m_i \ge 2$,
and $r, s \ge 0$. Prove that $|\mathcal{G}en(\Delta)| = 2^{r+s}$ and that $|\mathcal{A}mb(\Delta) \cap \mathcal{G}_0| = 2^s$.


9. Let $\Delta$ be a negative discriminant and let $\mathcal{C}\ell^*(\Delta)$ be the group of all
proper equivalence classes of primitive forms of discriminant $\Delta$, positive
definite or not. Show that a homomorphism $\omega^*\colon \mathcal{C}\ell^*(\Delta) \to U_\Delta/H_\Delta$ which
extends $\omega_\Delta$ may be defined by the same procedure that defines $\omega_\Delta$. Prove
that $\omega^*$ is surjective.

10. A positive integer $d$ is said to be convenient iff $\omega_{-4d}$ is injective. (There
are 65 known convenient numbers, all found by Euler. There are probably
no more.)


i. Prove that 3, 7, and 15 are the only convenient numbers that are
congruent to 3 (mod 4). (Hint: If $d + 1 = 2^r c$ where $c$ is odd and
greater than 1, consider $[2^r, 2, c]$. If $d + 1 = 2^r$, consider $[8, 6, 2^{r-3} +
1]$.)

ii. Let $d$ be a convenient number that is congruent to 1 (mod 4). Prove
that $d = 1$ or $d + 1 = 2p$, where $p$ is an odd prime number. Prove
that $d + 4 = q$ or $q^2$, where $q$ is an odd prime number.


iii. Find all odd convenient numbers less than 100. (There are 15 of them.)


11. Let $d$ be an even convenient number.
i. Prove that $d + 1 = p$ or $p^2$, where $p$ is an odd prime number.


ii. Prove that $d = 18$ or $72$ or $d + 9 = q$, $q^2$, or $3q$, where $q$ is a prime
number greater than 3. (Hint: Consider separately the cases $3 \mid d$
and $3 \nmid d$. Eliminate the possibility $d + 9 = 3^r$, $r \ge 6$, with $[27, 12,
3^{r-3} + 1]$.)

iii. Find all even convenient numbers less than 100. (There are 21 of
them.)


12. Let $d$ be a positive odd integer such that $-d$ is a discriminant and $\omega_{-d}$ is
injective.
i. Show that if $d \equiv 7 \pmod 8$, then $d = 7$ or $15$.
ii. Show that if $d \equiv 3 \pmod 8$, then $d = 3$ or $d + 1 = 4p$ or $4p^2$, where
$p$ is an odd prime number.


iii. Find all odd negative discriminants $\Delta$ such that $|\Delta| < 100$ and $\omega_\Delta$ is
injective. (There are 13 of them.)


13. List the reduced gaussian forms of discriminants $-144$ and $-256$.
Determine as far as possible with congruences which primes each of these
forms represents. Then turn to Exercises 10.8 and 8.6 of Chapter 3.


4. What Gauss Did 


Throughout this section $\Delta$ will denote a nonsquare discriminant.
We want to discuss the relationship between the following three true
propositions, each of which has a direct proof.

Proposition 4.1. $\operatorname{im} \omega_\Delta = (\ker \chi_\Delta)/H_\Delta$.


We have already stated and proved Proposition 4.1 as Theorem 3.6. The
proof of the inclusion $(\ker \chi_\Delta)/H_\Delta \subset \operatorname{im} \omega_\Delta$ relied crucially on Dirichlet's
Theorem on Primes in Arithmetic Progressions, which we have not proved.


Proposition 4.2. $\ker \omega_\Delta = \operatorname{im} sq_\Delta$.


This is Gauss's Duplication Theorem 3.8. The most natural proofs of the
containment $\ker \omega_\Delta \subset \operatorname{im} sq_\Delta$ rest on the theory of integral quadratic forms in
three variables. We will present such a proof of Proposition 4.2 in Section 7.


Proposition 4.3. $|\mathcal{A}mb(\Delta)| = \tfrac{1}{2}|U_\Delta/H_\Delta|$.


Proposition 4.3 can be proved by separate evaluation of the two sides of the
equation. This will be the subject of Section 5.

Gauss discovered that any two of the preceding three propositions easily
imply the third. Dirichlet's Theorem was not available to Gauss in the 1790s,
so he proved Proposition 4.1 as a consequence of Propositions 4.2 and 4.3.


Demonstration That Any Two of the Propositions 4.1–4.3 Easily Imply the
Third. To begin with, we regard the two inclusions $\operatorname{im} \omega_\Delta \subset (\ker \chi_\Delta)/H_\Delta$ and
$\operatorname{im} sq_\Delta \subset \ker \omega_\Delta$ as easy. Elementary proofs were given in Section 3. Therefore
Propositions 4.1 and 4.2 will follow from the weaker assertions:


Proposition 4.1′. $|\operatorname{im} \omega_\Delta| = |(\ker \chi_\Delta)/H_\Delta|$.
Proposition 4.2′. $|\ker \omega_\Delta| = |\operatorname{im} sq_\Delta|$.


We must now show that any two of Propositions 4.1′, 4.2′, and 4.3 imply
the third. This is a simple exercise starting with three known equalities (4.4).
Both (4.4a) and (4.4b) are versions of the Fundamental Theorem of
Homomorphisms. Note that (4.4c) is a consequence of Theorem 3.6i and Proposition
9.3vi of Chapter 3.

$$|\ker \omega_\Delta| \cdot |\operatorname{im} \omega_\Delta| = |\mathcal{C}\ell(\Delta)|, \qquad (4.4a)$$
$$|\mathcal{A}mb(\Delta)| \cdot |\operatorname{im} sq_\Delta| = |\mathcal{C}\ell(\Delta)|, \qquad (4.4b)$$
$$|(\ker \chi_\Delta)/H_\Delta| = \tfrac{1}{2}|U_\Delta/H_\Delta|. \qquad (4.4c)$$
∎


Since $\mathcal{C}\ell(\Delta)$ is a finite abelian group, there is an isomorphism $\mathcal{C}\ell(\Delta) \cong
A \oplus \bigoplus_{i=1}^{r} C(2^{n_i})$, where $A$ has odd order, $C(n)$ denotes a cyclic group of order
$n$, all $n_i > 0$, and $r \ge 0$. Then $|\mathcal{A}mb(\Delta)| = 2^r$. Therefore, an evaluation of
$|\mathcal{A}mb(\Delta)|$ as in Proposition 4.3 gives some information on the structure of the
class group $\mathcal{C}\ell(\Delta)$, about which very little is known in general.

Gauss observed that the Law of Quadratic Reciprocity Proposition 1.2 of
Chapter 3 can be deduced from Proposition 4.3 alone. We close this section
with Gauss's second proof of quadratic reciprocity. It is very satisfying to have
a proof of the reciprocity law that springs from the theory of binary quadratic
forms.


Proof of Proposition 1.2 of Chapter 3. We prove the equivalent statement
Proposition 3.4iii. We will need only a weakened form of Proposition 4.3,
namely:


Proposition 4.3′. $|\mathcal{A}mb(\Delta)| \le \tfrac{1}{2}|U_\Delta/H_\Delta|$.


The three assertions Proposition 4.3′, (4.4a), and (4.4b) are easily combined
with the trivial inclusion $\operatorname{im} sq_\Delta \subset \ker \omega_\Delta$ to produce the real starting point for
this proof, which is

$$|\operatorname{im} \omega_\Delta| \le \tfrac{1}{2}|U_\Delta/H_\Delta|. \qquad (4.5)$$


Let $p$ and $q$ be distinct odd prime numbers. We divide the analysis into
two cases.


Case 1. $(p^*/q) = 1$. We are to prove that $(q/p) = 1$.

Let $\Delta = 4p^* \equiv 4 \pmod{16}$. By Definition 3.2 of $H_\Delta$, the map $T\colon U_\Delta/H_\Delta \to
\{\pm 1\}$ given by $T(x) = (x/p)$ is a group isomorphism. By (4.5), $T(\operatorname{im} \omega_\Delta) =
\{+1\}$.

Let $b, c \in \mathbf{Z}$ be such that $p^* = b^2 - qc$. Then $f = [q, 2b, c]$ is a gaussian
form of discriminant $\Delta$. Since $f$ represents $q$ we can compute $1 = T(\omega_\Delta(f))
= T(q) = (q/p)$, as desired.


Case 2. $(p^*/q) = -1$. We are to prove that $(q/p) = -1$.

If $p$ or $q \equiv 1 \pmod 4$, then $(p^*/q) = (p/q)$. Thus by Case 1 we have
$(q/p) = (q^*/p) = -1$.

Suppose now that $p \equiv q \equiv 3 \pmod 4$. Let $\Delta = 4pq \equiv 4 \pmod{16}$. Consider
the homomorphism $T\colon U_\Delta/H_\Delta \to \{\pm 1\} \times \{\pm 1\}$ given by $T(x) = ((x/p),
(x/q))$. Definition 3.2 shows that $T$ is well defined and injective. Surjectivity
of $T$ is a consequence of the Chinese Remainder Theorem 2.2 of Chapter 3.
Thus $T$ is a group isomorphism. By (4.5), $|\operatorname{im} \omega_\Delta| \le 2$. Since
$T(\omega_\Delta([-1, 0, pq])) = ((-1/p), (-1/q)) = (-1, -1)$, we can conclude that
$T(\operatorname{im} \omega_\Delta) = \{(1, 1), (-1, -1)\}$.

We now need a lemma that strengthens one aspect of Theorem 3.3i.


Lemma 4.6. Let $\Delta$ be a nonzero discriminant and let $p$ be an odd prime
divisor of $\Delta$. Let $\mathcal{C} \in \mathcal{C}\ell(\Delta)$. Let $m, n$ be integers that are represented by $\mathcal{C}$
and are relatively prime to $p$.

Then $(m/p) = (n/p)$.


Proof of Lemma 4.6. Minor modification of the first two paragraphs of the
proof of Theorem 3.3i. ∎


Now let $m$ be an integer that is represented by $f = [q, 0, -p]$ and is
relatively prime to $\Delta$. Using Lemma 4.6 and the fact that $f$ represents $q$ and
$-p$ we find that $T(\omega_\Delta(f)) = ((m/p), (m/q)) = ((q/p), (-p/q)) = ((q/p),
(p^*/q)) \in \{(1, 1), (-1, -1)\}$. Therefore $(p^*/q) = (q/p)$. ∎


Exercises


1. Let $\Delta$ be a nonzero square. It will be proved in Sections 5 and 7 that
$\ker \omega_\Delta = \operatorname{im} sq_\Delta$ and that $|\mathcal{A}mb(\Delta)| = |U_\Delta/H_\Delta|$. Deduce that $\operatorname{im} \omega_\Delta =
U_\Delta/H_\Delta$. Thus $\omega_\Delta$ is surjective.


2. Write out a detailed proof of Lemma 4.6. 


5. Counting Ambiguous Classes 


Theorem 5.1. Let $\Delta$ be a nonzero discriminant. Then

$$|\mathcal{A}mb(\Delta)| = \begin{cases}
\tfrac{1}{2}|U_\Delta/H_\Delta| & \text{if } \Delta \text{ is a nonsquare} \\
|U_\Delta/H_\Delta| & \text{if } \Delta \text{ is a square}
\end{cases}$$


We will prove Theorem 5.1 by making separate evaluations of the two sides
of its equation.


Proposition 5.2. Let $\Delta$ be a nonzero discriminant and let $r$ be the number of
odd prime divisors of $\Delta$. Then

$$|U_\Delta/H_\Delta| = \begin{cases}
2^{r} & \text{if } \Delta \equiv 1 \pmod 4 \text{ or } 4 \pmod{16} \\
2^{r+1} & \text{if } \Delta \equiv 12 \pmod{16} \text{ or } 8, 16, \text{ or } 24 \pmod{32} \\
2^{r+2} & \text{if } \Delta \equiv 0 \pmod{32}
\end{cases}$$

Proof. Let $p_1, \ldots, p_r$ be the distinct odd prime divisors of $\Delta$ and let $A =
\{\pm 1\}^r$, an abelian group of order $2^r$. Define a homomorphism $\phi\colon U_\Delta \to A$ by
the formula $\phi(x) = ((x/p_1), \ldots, (x/p_r))$.

Let $B = \{1\}$, $\{\pm 1\}$, or $U_8$, an abelian group of order 1, 2, or 4, determined
so that $|A \times B|$ equals the value of $|U_\Delta/H_\Delta|$ that is asserted in Proposition 5.2.
Define a homomorphism $\psi\colon U_\Delta \to B$ as follows. If $B = \{1\}$, then of course $\psi$
is trivial. If $B = U_8$, then $\psi(x) = x$. In the remaining cases, $\psi$ is defined by its
kernel: $\psi(x) = 1$ if and only if (a) $x \equiv 1 \pmod 4$ if $\Delta \equiv 12 \pmod{16}$
or $16 \pmod{32}$; (b) $x \equiv 1$ or $7 \pmod 8$ if $\Delta \equiv 8 \pmod{32}$; (c) $x \equiv 1$ or $3
\pmod 8$ if $\Delta \equiv 24 \pmod{32}$.

A quick glance at the Definition 3.2 of $H_\Delta$ shows that $H_\Delta$ is the kernel of
the homomorphism $\phi \times \psi\colon U_\Delta/H_\Delta \to A \times B$. Since $\psi$ and each of the $r$
projections of $\phi$ are surjective, the Chinese Remainder Theorem 2.2 of
Chapter 3 proves that $\phi \times \psi$ is surjective. Thus $U_\Delta/H_\Delta \cong A \times B$, which
establishes the proposition. ∎


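The calculation of $|\mathcal{A}mb(\Delta)|$ is more interesting.


Definition 5.3. A binary form $f$ is ambiguous iff there exists $\gamma \in GL_2(\mathbf{Z})$ such
that $\gamma f = f$ and $\det(\gamma) = -1$.

A form $f$ is special ambiguous iff either one of the following two conditions
holds.


i. $\begin{pmatrix} 1 & 0 \\ 0 & -1 \end{pmatrix} f = f$ (equivalently, $f$ is of the form $[a, 0, c]$).


ii. $\begin{pmatrix} 1 & 0 \\ 1 & -1 \end{pmatrix} f = f$ (equivalently, $f$ is of the form $[a, a, c]$).

Proposition 5.4. Let $\Delta$ be a nonzero discriminant.

i. Every proper equivalence class of forms of discriminant $\Delta$ that contains
an ambiguous form must contain at least one special ambiguous form.

ii. All proper equivalence classes of ambiguous forms of discriminant $\Delta$
contain exactly the same number of special ambiguous forms. That number is
2 if $\Delta < 0$ or if $\Delta$ is a square. That number is 4 if $\Delta > 0$ and $\Delta$ is a nonsquare.

iii. The number of primitive special ambiguous forms of discriminant $\Delta$ is
given by the following table, where $r$ denotes the number of distinct odd prime
divisors of $\Delta$:


    $\Delta$                                [a, 0, c]    [a, a, c]    Total
    $\Delta \equiv 1 \pmod 4$               0            $2^{r+1}$    $2^{r+1}$
    $\Delta \equiv 4 \pmod{16}$             $2^{r+1}$    0            $2^{r+1}$
    $\Delta \equiv 12 \pmod{16}$            $2^{r+1}$    $2^{r+1}$    $2^{r+2}$
    $\Delta \equiv 8, 16,$ or $24 \pmod{32}$  $2^{r+2}$    0            $2^{r+2}$
    $\Delta \equiv 0 \pmod{32}$             $2^{r+2}$    $2^{r+2}$    $2^{r+3}$

We shall need a simple matrix lemma.


Lemma 5.5. i. Let $\gamma \in GL_2(\mathbf{Z})$ be such that $\det \gamma = -1$ and $\gamma^2 = 1$. Then
there exists $T \in SL_2(\mathbf{Z})$ such that $T\gamma T^{-1} = \begin{pmatrix} 1 & 0 \\ 0 & -1 \end{pmatrix}$ or $\begin{pmatrix} 1 & 0 \\ 1 & -1 \end{pmatrix}$.

ii. There does not exist $T \in GL_2(\mathbf{Z})$ such that $T \begin{pmatrix} 1 & 0 \\ 0 & -1 \end{pmatrix} T^{-1} = \begin{pmatrix} 1 & 0 \\ 1 & -1 \end{pmatrix}$.

iii. If $T \in SL_2(\mathbf{Z})$ commutes with either $\begin{pmatrix} 1 & 0 \\ 0 & -1 \end{pmatrix}$ or $\begin{pmatrix} 1 & 0 \\ 1 & -1 \end{pmatrix}$, then $T =
\pm\begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}$.


Proof. ii and iii are easy calculations. We prove i.

Let $\gamma \in GL_2(\mathbf{Z})$ satisfy $\gamma^2 = 1$ and $\det \gamma = -1$.

The eigenvalues of $\gamma$ must lie among the roots of the equation $X^2 - 1 = 0$,
which $\gamma$ satisfies, and their product must equal $-1$. Hence the eigenvalues of $\gamma$
are 1 and $-1$. (Alternatively, observe that $x = w \pm w\gamma$ satisfies the equation
$x\gamma = \pm x$ for every $w \in \mathbf{Z}^2$.)

Let $u = (p \; q) \in \mathbf{Z}^2$ satisfy $u\gamma = u$ and $\mathrm{GCD}(p, q) = 1$. Choose $v =
(r \; s) \in \mathbf{Z}^2$ so that $T = \begin{pmatrix} u \\ v \end{pmatrix} = \begin{pmatrix} p & q \\ r & s \end{pmatrix} \in SL_2(\mathbf{Z})$. Since $v + v\gamma$ is an eigenvector
of $\gamma$ for the eigenvalue 1, it must be a multiple of $u$, say $v + v\gamma = au$,
where $a \in \mathbf{Z}$. After replacing $v$ by $v + nu$ with suitable $n \in \mathbf{Z}$ (which does
not change the determinant of $T$), we can suppose that $a = 0$ or $1$.

Then

$$T\gamma T^{-1} = \begin{pmatrix} u\gamma \\ v\gamma \end{pmatrix} T^{-1} = \begin{pmatrix} 1 & 0 \\ a & -1 \end{pmatrix} T\,T^{-1} = \begin{pmatrix} 1 & 0 \\ a & -1 \end{pmatrix}. \qquad ∎$$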


Proof of Proposition 5.4. Let $\mathcal{E} = \left\{ \begin{pmatrix} 1 & 0 \\ 0 & -1 \end{pmatrix}, \begin{pmatrix} 1 & 0 \\ 1 & -1 \end{pmatrix} \right\}$.


i. Let $\mathcal{C}$ be a proper equivalence class of forms of discriminant $\Delta$ and let
$f \in \mathcal{C}$ and $\gamma \in GL_2(\mathbf{Z})$ satisfy $\gamma f = f$ and $\det \gamma = -1$. By Theorem 5.6 of
Chapter 4 and Lemma 5.5i there exists $T \in SL_2(\mathbf{Z})$ such that $T\gamma T^{-1} \in \mathcal{E}$.
Then $Tf \in \mathcal{C}$ is special ambiguous, as is shown by the calculation $T\gamma T^{-1} \cdot Tf
= Tf$.

ii. Let $f$ be an ambiguous form of discriminant $\Delta$ and let $\mathcal{C}$ be its proper
equivalence class. Let $G = \mathcal{A}ut^{+}(f) = \{\tau \in SL_2(\mathbf{Z}) \mid \tau f = f\}$ and let $H =
\{\tau^2 \mid \tau \in G\}$. Since $G$ is a commutative group, $H$ is a subgroup. We will show
that the number of special ambiguous forms in $\mathcal{C}$ is equal to the index $(G : H)$
of $H$ in $G$. By Corollary 5.5 of Chapter 4, if $\Delta < 0$ or if $\Delta$ is a square, then $G$
is cyclic of order 2, 4, or 6 and so $(G : H) = 2$. If $\Delta$ is a positive nonsquare,
then $G \cong \{\pm 1\} \times \mathbf{Z}$ and so $(G : H) = 4$.

Let $\gamma$ be a fixed improper automorphism of $f$. Let $\tau \in G$. Since $\gamma\tau$ is an
improper automorphism of $f$, there exists $T \in SL_2(\mathbf{Z})$ such that $A = T\gamma\tau T^{-1}
\in \mathcal{E}$. The form $Tf$ is a special ambiguous form in $\mathcal{C}$. If $S \in SL_2(\mathbf{Z})$ and
$B = S\gamma\tau S^{-1} \in \mathcal{E}$, then by Lemma 5.5ii we must have $A = B$. Thus $ST^{-1} \cdot A
\cdot (ST^{-1})^{-1} = S\gamma\tau S^{-1} = B = A$. By Lemma 5.5iii, $S = \pm T$ and so $Tf = Sf$.
We have proved that there is a well-defined map $\phi$ from $G$ to the set of special
ambiguous forms in $\mathcal{C}$ given by $\phi(\tau) = Tf$.

The map $\phi$ is surjective. Let $g$ be a special ambiguous form in $\mathcal{C}$. Let
$A \in \mathcal{E}$ be such that $Ag = g$ and let $T \in SL_2(\mathbf{Z})$ be such that $Tf = g$. Then
$\tau = \gamma^{-1}T^{-1}AT$ is such that $\phi(\tau) = Tf = g$.

The map $\phi$ is constant on cosets of $H$. Let $\tau, \sigma \in G$. Let $T \in SL_2(\mathbf{Z})$ be
such that $A = T\gamma\tau T^{-1} \in \mathcal{E}$. Then $T\sigma \cdot \gamma\tau\sigma^2 \cdot (T\sigma)^{-1} = A$ (using Theorem
5.6 of Chapter 4). Thus $\phi(\tau) = Tf = T\sigma f = \phi(\tau\sigma^2)$.

The map $\phi$ is injective on cosets of $H$. For suppose that $\phi(\tau) = \phi(\sigma)$
where $\tau, \sigma \in G$. Let $T, S \in SL_2(\mathbf{Z})$ be such that both $A = T\gamma\tau T^{-1}$ and
$B = S\gamma\sigma S^{-1}$ lie in $\mathcal{E}$. Both $A$ and $B$ are automorphisms of $\phi(\tau)$. Since no
form of nonzero discriminant can have both $\begin{pmatrix} 1 & 0 \\ 0 & -1 \end{pmatrix}$ and $\begin{pmatrix} 1 & 0 \\ 1 & -1 \end{pmatrix}$ as
automorphisms, we must have $A = B$. Noting that $Tf = Sf$ implies that $S^{-1}T \in G$, we
compute that $\tau = \gamma^{-1}(T^{-1}S)\gamma\sigma(S^{-1}T) = \sigma(S^{-1}T)^2$. Hence $\tau$ and $\sigma$ are in the
same $H$-coset of $G$.

In summary, $\phi$ gives a bijection between the set of cosets of $H$ in $G$ and the
set of special ambiguous forms in $\mathcal{C}$. This proves what we wanted.

iii. We first count the primitive forms of discriminant $\Delta$ that are of type
$[a, 0, c]$. There are clearly none if $\Delta$ is odd, so suppose that $\Delta \equiv 0 \pmod 4$. We
must have $ac = -\Delta/4$ and $\mathrm{GCD}(a, c) = 1$. The integer $a$ is determined by
specifying its sign and its set of prime divisors, which can be any subset of the
set of prime divisors of $\Delta/4$. Hence the number of primitive $[a, 0, c]$ equals
$2^{t+1}$, where $t$ denotes the number of prime divisors of $\Delta/4$.

We next count the primitive $[a, a, c]$ of discriminant $\Delta$. If $\Delta$ is odd, then
every divisor $a$ of $\Delta$ leads to an integral form $[a, a, c]$, because then
$c = (a^2 - \Delta)/4a \in \mathbf{Z}$. From $\Delta/a = a - 4c$ we see that $\mathrm{GCD}(a, c) =
\mathrm{GCD}(a, \Delta/a)$. Thus the $a$ that lead to primitive forms are determined by
specifying their signs and their sets of prime divisors, which can be any subset
of the set of $r$ prime divisors of $\Delta$. There are $2^{r+1}$ such $a$ in all.

Now suppose that $\Delta$ is even. If $[a, a, c]$ is primitive of discriminant $\Delta$, then
$a$ is even and $c$ is odd. If $a = 2x$ with $x$ odd, then $\Delta = a^2 - 4ac \equiv 12
\pmod{16}$. If $4 \mid a$, then $\Delta = a^2 - 4ac \equiv 0 \pmod{32}$. Hence there can be no
primitive forms $[a, a, c]$ unless $\Delta \equiv 12 \pmod{16}$ or $0 \pmod{32}$.

Suppose that $\Delta \equiv 12 \pmod{16}$. We are to count the primitive forms
$[2x, 2x, c]$ of discriminant $\Delta$. Primitivity implies that $c$ is odd. Thus the
equation $\Delta/4x = x - 2c$ shows that $\mathrm{GCD}(2x, c) = \mathrm{GCD}(x, \Delta/4x)$. So $x$ is
determined by its sign and its prime divisors, which lie among the $r$ prime
divisors of $\Delta/4$. There are $2^{r+1}$ such $x$ in all.

Finally suppose that $\Delta \equiv 0 \pmod{32}$. We count the primitive $[4x, 4x, c]$ of
discriminant $\Delta$. From $\Delta/16x = x - c$ we learn that $\mathrm{GCD}(4x, c) =
\mathrm{GCD}(x, \Delta/16x)$. We can specify $x$ by its sign and its prime divisors, which lie
among the $r + 1$ prime divisors of $\Delta/16$. There are $2^{r+2}$ such $x$ in all. ∎


Proof of Theorem 5.1. Combine Propositions 5.2 and 5.4. Just remember that
if $\Delta < 0$, then only half the primitive forms counted in Proposition 5.4iii are
gaussian, since $[a, b, c]$ is positive definite if and only if $a$ is positive. ∎
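
The counts in Proposition 5.4iii and their combination with Proposition 5.2 in the proof of Theorem 5.1 can be checked by direct enumeration. The Python code below is an added example, not taken from the book: it counts the primitive forms $[a, 0, c]$ and $[a, a, c]$ of a given discriminant by running over the divisors $a$ of $\Delta$ and compares the result with the closed formulas. The function names are assumptions made for this example.

```python
from math import gcd, isqrt

def is_prime(p):
    return p > 1 and all(p % q for q in range(2, isqrt(p) + 1))

def num_odd_prime_divisors(D):
    """r = number of distinct odd primes dividing D."""
    return sum(1 for p in range(3, abs(D) + 1, 2) if D % p == 0 and is_prime(p))

def count_special_ambiguous(D):
    """Brute-force counts of primitive forms [a,0,c] and [a,a,c] of discriminant D."""
    type_a0c = type_aac = 0
    for a in range(-abs(D), abs(D) + 1):
        if a == 0 or D % a:
            continue                           # in both types a divides D
        # [a, 0, c]: -4ac = D, primitive iff GCD(a, c) = 1
        if D % 4 == 0 and (D // 4) % a == 0:
            c = -(D // 4) // a
            type_a0c += gcd(a, c) == 1
        # [a, a, c]: a^2 - 4ac = D, primitive iff GCD(a, c) = 1
        if (a * a - D) % (4 * a) == 0:
            c = (a * a - D) // (4 * a)
            type_aac += gcd(a, c) == 1
    return type_a0c, type_aac

def table_5_4_iii(D):
    """Closed-form counts ([a,0,c], [a,a,c]) from the table of Proposition 5.4iii."""
    r = num_odd_prime_divisors(D)
    if D % 4 == 1:
        return 0, 2 ** (r + 1)
    if D % 16 == 4:
        return 2 ** (r + 1), 0
    if D % 16 == 12:
        return 2 ** (r + 1), 2 ** (r + 1)
    if D % 32 in (8, 16, 24):
        return 2 ** (r + 2), 0
    return 2 ** (r + 2), 2 ** (r + 2)          # D = 0 (mod 32)

def order_U_mod_H(D):
    """|U_D / H_D| from Proposition 5.2."""
    r = num_odd_prime_divisors(D)
    if D % 4 == 1 or D % 16 == 4:
        return 2 ** r
    if D % 32 == 0:
        return 2 ** (r + 2)
    return 2 ** (r + 1)

def ambiguous_classes_negative(D):
    """|Amb(D)| for D < 0: half the special forms are positive definite (a > 0),
    and each ambiguous class contains two of them (Proposition 5.4ii)."""
    assert D < 0
    return sum(count_special_ambiguous(D)) // 4

if __name__ == "__main__":
    for D in (-3, -4, -39, -32, -96, 5, 12, 36):
        print(D, count_special_ambiguous(D), table_5_4_iii(D))
    print("ambiguous classes for -39:", ambiguous_classes_negative(-39))
```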


Exercises 


1. Let $\Delta$ be a negative discriminant. Show that a reduced positive definite
form of discriminant $\Delta$ is ambiguous if and only if it is of one of the three
forms $[a, 0, c]$, $[a, a, c]$, or $[a, b, a]$.


2. Let $\Delta$ be a nonzero discriminant.


i. Show that the set of special ambiguous forms of discriminant $\Delta$ is
partitioned into pairs of properly equivalent forms of the three types
$\{[a, 0, c], [c, 0, a]\}$, $\{[a, a, c], [4c - a, 4c - a, c]\}$, and
$\{[2c, 2c, c], [c, 0, c]\}$.

ii. Suppose that $\Delta < 0$. Prove that two forms from distinct pairs of i cannot
be properly equivalent. (Hint: Do this first for pairs of positive definite
forms by showing that two positive definite forms from distinct pairs are
properly equivalent to distinct reduced forms. The reduced form for a
pair of the second type may equal $[c, \pm(2c - a), c]$.) Hence give a new
proof of Proposition 5.4ii for negative $\Delta$.


3. Deduce Proposition 5.4i for positive nonsquare discriminants $\Delta$ from
Exercise 6.11 of Chapter 4.


4. Let $p$ be a prime number congruent to 1 mod 4. Let $t = [\sqrt{p}]$. Deduce
from Theorem 5.1 that $[1, 2t, t^2 - p]$ and $[-1, 2t, p - t^2]$ are properly
equivalent. Conclude that the negative Pell equation $X^2 - pY^2 = -1$ has
an integral solution (by Exercise 5.4ii of Chapter 4). For an application to
the equation $X^2 + Y^2 = p$, see Exercise 6.8ii of Chapter 4.


6. The Ternary Form Y? — XZ 


We present one theorem from the theory of ternary quadratic forms. It will be
needed for our proof of Gauss's Duplication Theorem, which will be given in
the next section.

The definitions we need are straightforward analogues of the definitions
from binary forms we have long been working with. We write $GL_3(\mathbf{Z})$ to
denote the group of $3 \times 3$ matrices with integer entries and of determinant
equal to $\pm 1$.


Definition 6.1. An integral ternary quadratic form is a homogeneous
polynomial $F$ of degree 2 in three variables with integer coefficients.

The matrix $M(F)$ of $F = aX^2 + bY^2 + cZ^2 + uXY + vYZ + wXZ$ is the
symmetric $3 \times 3$ matrix

$$M = \begin{pmatrix} a & u/2 & w/2 \\ u/2 & b & v/2 \\ w/2 & v/2 & c \end{pmatrix}. \qquad (6.2)$$


The determinant $\delta(F)$ of a ternary quadratic form $F$ is defined to be the
determinant of the matrix $M(F)$ of $F$.

Two integral ternary quadratic forms $F$ and $G$ are said to be equivalent iff
there exists a matrix $\gamma \in GL_3(\mathbf{Z})$ such that $F((X, Y, Z)\gamma) = G(X, Y, Z)$
(equivalently, such that $\gamma \cdot M(F) \cdot {}^t\gamma = M(G)$).


Theorem 6.3. Every integral ternary quadratic form of determinant $-1/4$ is
equivalent to the form $Y^2 - XZ$.


We will need some simple facts about cofactor matrices, which we discuss
now as they will also be useful in Sections 7 and 8. Let $M$ be a nonsingular
$3 \times 3$ matrix of determinant $\delta \ne 0$. Write $\widetilde{M}$ for the matrix of cofactors of $M$.
The equation $M \cdot {}^t\widetilde{M} = \delta I$ shows that $\det \widetilde{M} = \delta^2$. Thus $\widetilde{M} \cdot {}^t\widetilde{\widetilde{M}} = \delta^2 I$, from
which we get $\widetilde{\widetilde{M}} = \delta M$. Finally, note that the cofactor matrix is multiplicative.
The cofactor matrix of $M \cdot N$ equals $\widetilde{M} \cdot \widetilde{N}$ for every pair of nonsingular
$3 \times 3$ matrices $M$ and $N$.


The proof of Theorem 6.3 will be based on a general lemma.


Lemma 6.4. Every integral ternary quadratic form of determinant $\delta \ne 0$ is
equivalent to a form $F = aX^2 + uXY + bY^2 + wXZ + vYZ + cZ^2$ such that

(a) $|a| \le \sqrt{|u^2 - 4ab|/3}$ and (b) $|u^2 - 4ab| \le \sqrt{64|a\delta|/3}$.

For such a form $F$ we have the inequality $|a| \le \tfrac{4}{3}\sqrt[3]{|\delta|}$.


Proof. This lemma will be seen to be a consequence of the reduction theory of
binary quadratic forms.

We first interpret the second inequality (b) of the lemma, revealing a
symmetry between the two inequalities (a) and (b).

We work with a $3 \times 3$ matrix

$$M = \begin{pmatrix} a & u/2 & w/2 \\ u/2 & b & v/2 \\ w/2 & v/2 & c \end{pmatrix}$$

of determinant $\delta$ as in (6.2). Let

$$\widetilde{M} = \begin{pmatrix} A & U/2 & W/2 \\ U/2 & B & V/2 \\ W/2 & V/2 & C \end{pmatrix}$$

be the matrix of cofactors of $M$. The equation $\widetilde{\widetilde{M}} = \delta M$ shows that $\delta a = BC
- V^2/4$. Since $C = ab - u^2/4$, the inequality (b) is the same as (b′): $|C|
\le \sqrt{|V^2 - 4BC|/3}$.


There is one last preliminary observation to be made. Let $\gamma \in GL_3(\mathbf{Z})$.
Then the matrix of cofactors of $\gamma \cdot M \cdot {}^t\gamma$ equals $\widetilde{\gamma} \cdot \widetilde{M} \cdot {}^t\widetilde{\gamma}$, where $\widetilde{\gamma} = \det(\gamma)
\cdot {}^t\gamma^{-1} \in GL_3(\mathbf{Z})$.


Let $F_0$ be an integral ternary form of discriminant $\delta \ne 0$ and with matrix
$M_0$. We use lower- and uppercase letters as before, subscripted in a natural
way, to denote the entries of $M_0$ and $\widetilde{M}_0$. If the inequality (a) does not hold
for $M_0$, choose $\theta \in SL_2(\mathbf{Z})$ (by Proposition 8.3 of Chapter 2, Theorem 6.3i of
Chapter 4, and Exercises 8.8 and 8.9 of Chapter 2) such that $\theta[a_0, u_0, b_0] =
[a_1, u_1, b_1]$ satisfies

$$|a_1| \le \sqrt{|u_1^2 - 4a_1b_1|/3} = \sqrt{|u_0^2 - 4a_0b_0|/3} < |a_0|.$$


Let 


0 
00 


Tis = 


0 
0 | € GL,(Z) 


and let $M_1 = \gamma_1 \cdot M_0 \cdot {}^t\gamma_1$. Observe, in an obvious notation, that $C_1 = C_0$.
If the inequality (b′) does not hold for $M_1$, proceed similarly. Choose
$\theta \in SL_2(\mathbf{Z})$ such that $\theta[B_1, V_1, C_1] = [B_2, V_2, C_2]$ satisfies

$$|C_2| \le \sqrt{|V_2^2 - 4B_2C_2|/3} < |C_1|.$$


Let 


0 


€ GL,(Z) 


and let $\widetilde{M}_2 = \widetilde{\gamma}_2 \cdot \widetilde{M}_1 \cdot {}^t\widetilde{\gamma}_2$, so that $M_2 = \gamma_2 \cdot M_1 \cdot {}^t\gamma_2$. Clearly $a_2 = a_1$.

Iterate in alternating order the two processes of the previous two
paragraphs to construct a sequence $M_0, M_1, M_2, M_3, \ldots$. As long as one of the
inequalities (a) or (b′) fails for $M_i$, the sequence can be continued to $M_{i+1}$. We
have seen that $|a_0| > |a_1| = |a_2| > |a_3| = \cdots \ge 0$ and that $|C_0| = |C_1| > |C_2|
= |C_3| > \cdots \ge 0$. Since the $a_i$ are integers and the $C_i$ are quarter integers,
the sequence must stop with a matrix $M$ that satisfies both (a) and (b′). The
form $F$ whose matrix is $M$ is a form that is equivalent to $F_0$ and satisfies (a)
and (b) as sought.

The inequality $|a| \le \tfrac{4}{3}\sqrt[3]{|\delta|}$ follows directly from (a) and (b). ∎


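Proof of Theorem 6.3. By Lemma 6.4 every ternary form of determinant $-1/4$
is equivalent to a form with $a = u = 0$. A general form of this type has matrix

$$M = \begin{pmatrix} 0 & 0 & w/2 \\ 0 & b & v/2 \\ w/2 & v/2 & c \end{pmatrix}.$$

Let

$$\gamma = \begin{pmatrix} 1 & 0 & 0 \\ \alpha & 1 & 0 \\ \beta & 0 & 1 \end{pmatrix} \in GL_3(\mathbf{Z}).$$

Let

$$M_1 = \gamma \cdot M \cdot {}^t\gamma = \begin{pmatrix} 0 & 0 & w/2 \\ 0 & b & (v + w\alpha)/2 \\ w/2 & (v + w\alpha)/2 & c + w\beta \end{pmatrix}.$$

In our case, $\det M = -bw^2/4 = -1/4$, which implies that $b = 1$ and that
$w = \pm 1$. Thus a suitable choice of $\alpha, \beta \in \mathbf{Z}$ gives

$$M_1 = \begin{pmatrix} 0 & 0 & \pm 1/2 \\ 0 & 1 & 0 \\ \pm 1/2 & 0 & 0 \end{pmatrix},$$

the matrix of the form $Y^2 \pm XZ$. The sign of the coefficient of $XZ$ can be
adjusted by transforming with $\varepsilon = \mathrm{diag}(1, 1, -1) \in GL_3(\mathbf{Z})$. ∎
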
Exercises 


1. Let $\delta \in \mathbf{R}$. Show that there is an integral ternary quadratic form of
determinant $\delta$ if and only if $4\delta \in \mathbf{Z}$.

2. Let $f$ be an integral ternary form of determinant $\delta$. Show that $f$ represents
an integer $m$ such that $|m| \le \frac{4}{3}\sqrt[3]{|\delta|}$.


3. Show that every integral ternary quadratic form with determinant 0 is
equivalent to a binary form $aX^2 + uXY + bY^2$.


4. Prove that every integral ternary quadratic form of determinant 1/2 is
equivalent to $XZ - 2Y^2$ or to
$X^2 + XY + Y^2 + XZ + YZ + Z^2 = \frac{1}{4}(X - Y)^2 + \frac{2}{3}(X + Y + Z)^2 + \frac{1}{12}(X + Y - 2Z)^2$
and that these two forms are not equivalent.


5. An integral ternary quadratic form is classically integral iff all the entries in 
its matrix are integers. Show that every form that is equivalent to a 
classically integral form is classically integral. 


6. Prove that every classically integral ternary form of determinant 1 is
equivalent to $2XZ - Y^2$ or to $X^2 + Y^2 + Z^2$ and that these two forms are
not equivalent. To which of these forms is $X^2 - Y^2 - Z^2$ equivalent?


7. Let $m > 0$ be congruent to 1, 2, 3, 5, or 6 (mod 8). Prove that $m$ is
represented by the form $X^2 + Y^2 + Z^2$. (Sketch of solution: Show that
there exists a classically integral form
$mX^2 + bY^2 + cZ^2 + 2XZ + 2fYZ = \frac{1}{m}(mX + Z)^2 + \frac{1}{b}(bY + fZ)^2 + \frac{\delta}{mb}Z^2$
with $b > 0$ and determinant $\delta = mbc - mf^2 - b = 1$ that represents $m$. To do this, use
Dirichlet’s Theorem on Primes in Arithmetic Progressions. If $m \equiv 2 \pmod 4$
take $b$ prime, $b \equiv m - 1 \pmod{4m}$. If $m \equiv 1 \pmod 4$ take $b = 2p$ with $p$
prime, $p \equiv (3m - 1)/2 \pmod{4m}$. If $m \equiv 3 \pmod 8$ take $b = 2p$ with $p$
prime, $p \equiv (m - 1)/2 \pmod{4m}$. Appeal to Exercise 6.)


7. The Duplication Theorem 


In this section we complete the proof of the Duplication Theorem 3.8. 


Proposition 7.1. Let $\Delta$ be a nonzero discriminant. Let $f$ be a gaussian form of
discriminant $\Delta$ that lies in the principal genus of $\mathcal{C}\ell(\Delta)$.

i. There exist $x, y \in \mathbf{Z}$ such that $f(x, y) \equiv 1 \pmod{\Delta}$.

ii. There exists
such that

$$f(X, Y) = (r_2X + s_2Y)^2 - (r_1X + s_1Y)(r_3X + s_3Y)$$

and

$$\mathrm{GCD}(r_1s_2 - r_2s_1, 2\Delta) = 1.$$

iii. The form $f$ represents a square $m^2$ such that $m \ne 0$ is relatively prime
to $\Delta$.


Proof. i. We first prove a stronger result for the principal form $f_0$. Let $m$ be an
integer relatively prime to $\Delta$ such that $m \in H_\Delta$. We will show that for every
prime number $p$ that divides $\Delta$ and every $n > 0$ there exist integers $x, y$ such
that $f_0(x, y) \equiv m \pmod{p^n}$. For an odd prime $p$ this is possible with $y = 0$,
for since $f_0(X, 0) = X^2$ and $(m/p) = 1$ we can apply Proposition 2.5i of
Chapter 3. Now suppose that $p = 2$ and $\Delta \equiv 0 \pmod 4$. We want to solve the
congruence $X^2 - (\Delta/4)Y^2 \equiv m \pmod{2^n}$. If $\Delta/4 \equiv 1 \pmod 4$ and
$m \equiv 3 \pmod 4$, choose $X \in \{0, 2\}$ such that $X^2 - m \equiv \Delta/4 \pmod 8$ and choose $Y$
by Proposition 2.5ii of Chapter 3. Otherwise, choose $Y \in \{0, 1, 2\}$ such that
$(\Delta/4)Y^2 + m \equiv 1 \pmod 8$ and choose $X$ by Proposition 2.5ii of Chapter 3. It
follows by Proposition 2.4 of Chapter 3 that there exist $x, y \in \mathbf{Z}$ such that
$f_0(x, y) \equiv m \pmod{\Delta}$.

Now let $f$ be as in the statement of the proposition and let $n$ be an integer
relatively prime to $\Delta$ that is represented by the proper equivalence class to
which $f$ belongs. Let $m \in \mathbf{Z}$ be such that $mn \equiv 1 \pmod{\Delta}$. Since $f$ is in the
principal genus we have $n \in H_\Delta$ and thus also $m \in H_\Delta$. By the preceding
paragraph the principal class $\mathcal{C}_0$ represents an integer $M$ that is congruent to
$m$ mod $\Delta$. Hence $\mathcal{C} = \mathcal{C}_0\mathcal{C}$ represents $Mn$. This means that $f$ represents $Mn$,
which is congruent to 1 (mod $\Delta$).


ii. Let $f = [a, b, c]$. There exist integers $l, m, n$ such that $\det A = -1/4$,
where

$$A = \begin{pmatrix} a & b/2 & l/2 \\ b/2 & c & m/2 \\ l/2 & m/2 & n \end{pmatrix}.$$

This follows readily from Proposition 7.1i and the computation
$\det A = -\frac{1}{4}\left(f(m, -l) + n\Delta\right)$.
Let $M$ be the matrix of $Y^2 - XZ$:

By Theorem 6.3 there exists $\tau \in GL_3(\mathbf{Z})$ such that $\tau \cdot M \cdot {}^t\tau = A$. Write

$$\tau = \begin{pmatrix} r_1 & r_2 & r_3 \\ s_1 & s_2 & s_3 \\ t_1 & t_2 & t_3 \end{pmatrix}.$$

Compute

$$\begin{aligned}
f(X, Y) &= (X, Y, 0) \cdot A \cdot {}^t(X, Y, 0) \\
&= (X, Y, 0)\tau \cdot M \cdot {}^t\big((X, Y, 0)\tau\big) \\
&= (r_2X + s_2Y)^2 - (r_1X + s_1Y)(r_3X + s_3Y).
\end{aligned} \tag{7.2}$$


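This is nearly the result we want. But if the minor

$$\begin{vmatrix} r_1 & r_2 \\ s_1 & s_2 \end{vmatrix}$$

is not relatively prime to $2\Delta$, we have to modify $\tau$. We will replace $\tau$ by
$\tau' = \tau\sigma$, where $\sigma \in SL_3(\mathbf{Z})$ is a suitable automorphism of $Y^2 - XZ$, i.e. $\sigma$
satisfies the equation $\sigma \cdot M \cdot {}^t\sigma = M$.

For $g = \begin{pmatrix} \alpha & \beta \\ \gamma & \delta \end{pmatrix} \in SL_2(\mathbf{Z})$, let

$$\sigma_g = \begin{pmatrix} \alpha^2 & \alpha\beta & \beta^2 \\ 2\alpha\gamma & \alpha\delta + \beta\gamma & 2\beta\delta \\ \gamma^2 & \gamma\delta & \delta^2 \end{pmatrix}. \tag{7.3}$$

A computation shows that $\det \sigma_g = 1$ and that $\sigma_g$ is an automorphism of
$Y^2 - XZ$.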


1? | oe | 


Let $\tau' = \tau\sigma_g$, where $g$ remains to be chosen, and denote the entries of $\tau'$ by
$r_i'$, $s_i'$, $t_i'$ to match the notation for the entries of $\tau$. The minor


, 
ry é 


Thus $r_1's_2' - r_2's_1' = T_1\gamma^2 - T_2\alpha\gamma + T_3\alpha^2$, where the $T_i$ are the bottom row
entries of $\bar\tau$. Computing $\det \tau = \pm 1$ by expansion across the third row of $\tau$,
we see that $\mathrm{GCD}(T_1, T_2, T_3) = 1$. By Lemma 2.4 we can choose $\alpha$, $\gamma$, and $g$
such that $\mathrm{GCD}(r_1's_2' - r_2's_1', 2\Delta) = 1$. The calculation (7.2) works for $\tau'$ as well
as for $\tau$, since $\tau' \cdot M \cdot {}^t\tau' = A$. The proof of Proposition 7.1ii is complete.

iii. $f(-s_1, r_1) = (r_1s_2 - r_2s_1)^2$, where $r_1, r_2, s_1, s_2$ are as in Proposition 7.1ii. ∎


Proof of Theorem 3.8. Let $\mathcal{C} \in \mathcal{C}\ell(\Delta)$ be such that $\omega_\Delta(\mathcal{C}) = 1$. By Proposition
7.1iii the class $\mathcal{C}$ contains a form $[m^2, b, c]$ where $m$ is a positive integer that is
relatively prime to $\Delta$. Since $\mathrm{GCD}(m, b) = 1$, the form $[m, b, mc]$ is gaussian.
Clearly, $\mathcal{C} = \mathcal{D}^2$, where $\mathcal{D} \in \mathcal{C}\ell(\Delta)$ is the proper equivalence class of
$[m, b, mc]$. Thus $\ker \omega_\Delta \subset \mathcal{C}\ell(\Delta)^2$. The opposite inclusion is trivial, as has
already been noted. ∎


Exercises 


1. Let $f$ be a gaussian form of nonzero discriminant $\Delta$. Prove that $f$ is in the
principal genus of $\mathcal{C}\ell(\Delta)$ if and only if the congruence $f(X, Y) \equiv 1 \pmod N$
has a solution for every positive integer $N$.


2. i. Let $g = \begin{pmatrix} \alpha & \beta \\ \gamma & \delta \end{pmatrix} \in SL_2(\mathbf{Z})$. Compute $g[X, 2Y, Z]$ and compare with the
formula (7.3) for $\sigma_g$. Observe that the discriminant of $[X, 2Y, Z]$ equals
$4(Y^2 - XZ)$. Hence prove without further computation that $\sigma_g$ is an
automorphism of $Y^2 - XZ$.


ii. Prove that $\sigma_g\sigma_h = \sigma_{gh}$ for all $g, h \in SL_2(\mathbf{Z})$.


8. Sums of Three Squares 


Lemma 8.1. Let $a, b, c \in \mathbf{Z}$ be such that $u = ac - b^2$ is nonzero.
i. The following two conditions are equivalent.
1. There exist integers $m, n, s$ such that the symmetric matrix

$$R = \begin{pmatrix} a & b & m \\ b & c & n \\ m & n & s \end{pmatrix}$$

has determinant equal to 1.


2. There exist integers $M, N$ that satisfy the system (8.2) of three congruences:

$$\begin{aligned}
-a &\equiv N^2 \pmod u, \\
b &\equiv MN \pmod u, \\
-c &\equiv M^2 \pmod u.
\end{aligned} \tag{8.2}$$

ii. If moreover $\mathrm{GCD}(a, u) = 1$ and $4 \nmid u$, then the two conditions of i are
also equivalent to


3. $(a/p) = (-1/p)$ for all odd primes $p$ that divide $u$.


Proof. i. 1 ⇒ 2. Suppose that $R$ exists. Let its cofactor matrix be

$$\bar R = \begin{pmatrix} A & B & M \\ B & C & N \\ M & N & u \end{pmatrix}.$$

The relation $\bar{\bar R} = R$ yields three equations that immediately imply (8.2),
namely

$$\begin{aligned}
a &= -N^2 + Cu, \\
b &= MN - Bu, \\
c &= -M^2 + Au.
\end{aligned} \tag{8.3}$$

2 ⇒ 1. Let $M, N$ solve the congruences (8.2). Use (8.3) to define integers $A$,
$B$, and $C$. Next define integers $m$, $n$, and $s$ by the equations

$$\begin{aligned}
m &= BN - CM = \frac{-aM - bN}{u}, \\
n &= BM - AN = \frac{-bM - cN}{u}, \\
s &= AC - B^2 = \frac{1 - mM - nN}{u}.
\end{aligned} \tag{8.4}$$

Let

$$R = \begin{pmatrix} a & b & m \\ b & c & n \\ m & n & s \end{pmatrix}.$$

It is easily checked that the last column of the cofactor matrix $\bar R$ of $R$ is given by
${}^t(M, N, u)$.
Expand by minors down the third column of $R$ and use the final equation of
(8.4) to prove that $\det R = 1$.

ii. Suppose now that $\mathrm{GCD}(a, u) = 1$ and that $4 \nmid u$.

If 2 holds, then clearly $(-a/p) = 1$ for every odd prime divisor $p$ of $u$.
Hence $(a/p) = (-1/p)$.

Now suppose that 3 holds. By Theorem 2.6 of Chapter 3 there exists $N \in \mathbf{Z}$
such that $-a \equiv N^2 \pmod u$. Since $\mathrm{GCD}(N, u) = 1$, there exists $M \in \mathbf{Z}$ such
that $b \equiv MN \pmod u$. Finally, $-N^2c \equiv ac \equiv b^2 \equiv M^2N^2 \pmod u$, which
shows that $-c \equiv M^2 \pmod u$. We have found a solution to (8.2), which
proves that 2 holds. ∎
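
The construction 2 ⇒ 1 in the proof of Lemma 8.1 can be carried out mechanically. The following Python sketch is an added example, not part of the original text; the function names are chosen here, and the solution $(M, N)$ of (8.2) is found by brute force, which is only sensible for small $|u|$.

```python
from itertools import product


def cofactor_matrix(R):
    """Matrix of cofactors of a 3x3 integer matrix R (written R-bar in the text)."""
    def minor(i, j):
        rows = [row for k, row in enumerate(R) if k != i]
        (p, q), (r, s) = [[x for l, x in enumerate(row) if l != j] for row in rows]
        return p * s - q * r
    return [[(-1) ** (i + j) * minor(i, j) for j in range(3)] for i in range(3)]


def det3(R):
    """Determinant of a 3x3 matrix by expansion along the first row."""
    cof = cofactor_matrix(R)
    return sum(R[0][j] * cof[0][j] for j in range(3))


def solve_congruences(a, b, c):
    """Search for (M, N) satisfying the three congruences (8.2) modulo u = ac - b^2."""
    mod = abs(a * c - b * b)
    for M, N in product(range(mod), repeat=2):
        if (N * N + a) % mod == 0 and (M * N - b) % mod == 0 and (M * M + c) % mod == 0:
            return M, N
    return None


def lemma_8_1(a, b, c):
    """Return (R, Rbar) with det R = 1 as in Lemma 8.1, or None if (8.2) is unsolvable."""
    u = a * c - b * b
    if u == 0:
        raise ValueError("u = ac - b^2 must be nonzero")
    solution = solve_congruences(a, b, c)
    if solution is None:
        return None
    M, N = solution
    # (8.3): a = -N^2 + Cu, b = MN - Bu, c = -M^2 + Au define A, B, C.
    C = (a + N * N) // u
    B = (M * N - b) // u
    A = (c + M * M) // u
    # (8.4): the remaining entries of R.
    m = B * N - C * M
    n = B * M - A * N
    s = A * C - B * B
    R = [[a, b, m], [b, c, n], [m, n, s]]
    Rbar = [[A, B, M], [B, C, N], [M, N, u]]
    return R, Rbar


if __name__ == "__main__":
    # u = 11 is congruent to 3 (mod 8); [a, 2b, c] = [2, 2, 6] has ac - b^2 = 11.
    R, Rbar = lemma_8_1(2, 1, 6)
    print("R    =", R, "det =", det3(R))
    print("Rbar =", Rbar, "(lower right entry is u)")
```

For $(a, b, c) = (2, 1, 6)$ the form with matrix $\bar R$ takes the value $u = 11$ at $(0, 0, 1)$, which is the fact used in the proof of Theorem 8.6.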


Lemma 8.5. Let $u \in \mathbf{Z}$ be congruent to 1 or 2 (mod 4). Let $\Delta = -4u$ and
suppose that $\Delta$ is not a square.

For every $m \in U_\Delta$ there exists $x \in \ker \chi_\Delta$ such that $(x/p) = (m/p)$ for
every odd prime divisor $p$ of $\Delta$.

In other words, the homomorphism $\varphi\colon U_\Delta \to A$ that is defined in the proof
of Proposition 5.2, is surjective on restriction to $\ker \chi_\Delta$. That is, $\varphi(\ker \chi_\Delta) = A$.


Proof. Separate consideration of the three cases $\Delta \equiv 12 \pmod{16}$,
$\Delta \equiv 8 \pmod{32}$, and $\Delta \equiv 24 \pmod{32}$ shows that $\ker \varphi \cap \ker \chi_\Delta = H_\Delta$. Thus, with
$B$ as in the proof of Proposition 5.2,
$|\varphi(\ker \chi_\Delta)| = |\ker \chi_\Delta| / |\ker \varphi \cap \ker \chi_\Delta| = |\ker \chi_\Delta| / |H_\Delta| = \frac{1}{2}|A \times B| = |A|$. ∎


Theorem 8.6. Let $u$ be a positive integer that is congruent to 1 or 2 (mod 4) or
to 3 (mod 8). Then there exist integers $x, y, z$ such that $x^2 + y^2 + z^2 = u$.


Proof. Suppose first that $u \equiv 1$ or $2 \pmod 4$. Let $\Delta = -4u$. By Lemma 8.5
and Theorem 3.6 there exists $\mathcal{C} \in \mathcal{C}\ell(\Delta)$ such that $\varphi(\omega_\Delta(\mathcal{C})) = \varphi(-1)$. Let
$[a, 2b, c] \in \mathcal{C}$ be such that $\mathrm{GCD}(a, \Delta) = 1$ and note that $ac - b^2 = u$. Since
$\omega_\Delta(\mathcal{C}) = a$, we have that $(a/p) = (-1/p)$ for every odd prime $p$ that divides
$u$. Thus by Lemma 8.1 there are integers $m, n, s$ such that the matrix

$$R = \begin{pmatrix} a & b & m \\ b & c & n \\ m & n & s \end{pmatrix}$$

has determinant equal to 1. By Exercise 6.6 the ternary form

$$f = \frac{1}{a}(aX + bY + mZ)^2 + \frac{1}{au}\big(uY + (an - bm)Z\big)^2 + \frac{1}{u}Z^2$$

whose matrix is $R$ is equivalent to the form $X^2 + Y^2 + Z^2$. Hence there
exists $\gamma \in GL_3(\mathbf{Z})$ such that $\gamma \cdot {}^t\gamma = R$. Taking cofactors gives $\bar\gamma \cdot {}^t\bar\gamma = \bar R$,
which shows that the ternary form $\bar f$ whose matrix is $\bar R$ is also equivalent to
$X^2 + Y^2 + Z^2$. Observe that $\bar f$ represents $u$, namely $\bar f(0, 0, 1) = u$. Since all
forms in an equivalence class represent the same integers, there must exist
integers $x$, $y$, and $z$ such that $x^2 + y^2 + z^2 = u$.

Now suppose that $u \equiv 3 \pmod 8$. The argument is similar to that of the
previous case. Let $\Delta = -u$, which is an odd discriminant congruent to
5 (mod 8). Since $\chi_\Delta(-2) = 1$, there exists, by Theorem 3.6, $\mathcal{C} \in \mathcal{C}\ell(\Delta)$ such
that $\omega_\Delta(\mathcal{C}) = -2$. Let $[a', b, c'] \in \mathcal{C}$ be such that $\mathrm{GCD}(a', \Delta) = 1$. Let
$a = 2a'$ and $c = 2c'$, and note that $ac - b^2 = u$. For odd primes $p$ dividing $u$
we calculate $(a/p) = (2/p)(a'/p) = (2/p)(-2/p) = (-1/p)$. Thus by
Lemma 8.1 there are integers $m, n, s$ such that

$$\det \begin{pmatrix} a & b & m \\ b & c & n \\ m & n & s \end{pmatrix} = 1.$$

The rest of the proof is exactly as for the case $u \equiv 1$ or $2 \pmod 4$. ∎


The relation between Theorem 8.6 and the congruences (8.2) is similar to
that between the Two Squares Theorem and the congruence $X^2 \equiv -1 \pmod 4$.
Note that the proof of existence of the relevant solutions to (8.2) goes back to
Theorem 3.6.

It is now a very simple matter to prove Gauss’s Three Squares Theorem. 


Proof of Theorem 1.1. Let $m = 4^a u$, where $u$ is a positive integer that is not
divisible by 4. We first prove that $m$ equals a sum of three squares if and only
if $u$ equals a sum of three squares.

If $u = x^2 + y^2 + z^2$, then $m = (2^a x)^2 + (2^a y)^2 + (2^a z)^2$.

Conversely, if $m = x^2 + y^2 + z^2$ and $a \ge 1$, then $x$, $y$, and $z$ are all even,
as can be seen by consideration of the congruence $x^2 + y^2 + z^2 \equiv 0 \pmod 4$.
Hence $4^{a-1}u$ and then by induction also $u$ is a sum of three squares.

All cases except $u \equiv 7 \pmod 8$ are covered by Theorem 8.6 (or Exercise
6.7). That case is dealt with by the observation that there is no solution to the
congruence $X^2 + Y^2 + Z^2 \equiv 7 \pmod 8$. ∎


Gauss showed how to count the number of ways that an integer can be 
expressed as a sum of three squares by counting solutions of the congruences 
(8.2) and keeping track of their role in the proof of Theorem 8.6. We state 
Gauss’s result without proof as the final theorem in this book. 


Theorem 8.7. Let $u$ be a positive integer, $u \ne 1, 3$, and let
$R(u) = \{(x, y, z) \in \mathbf{Z}^3 \mid x^2 + y^2 + z^2 = u \text{ and } \mathrm{GCD}(x, y, z) = 1\}$.
Then

$$|R(u)| = \begin{cases} 12\,|\mathcal{C}\ell(-4u)| & \text{if } u \equiv 1 \text{ or } 2 \pmod 4, \\ 24\,|\mathcal{C}\ell(-u)| & \text{if } u \equiv 3 \pmod 8, \\ 0 & \text{otherwise.} \end{cases}$$

Exercises


1. The triangular numbers are the integers $x(x + 1)/2$, $x \ge 0 \in \mathbf{Z}$. Prove that
every positive integer is the sum of three (not necessarily distinct) triangular
numbers. (Hint: To express $m$ as such a sum, first write $8m + 3$ as a sum of
three odd squares.)


2. Deduce from Theorem 1.1 that every positive integer is the sum of four
square numbers, i.e., prove that for every positive integer $m$ there exist
integers $x, y, z, w$ such that $x^2 + y^2 + z^2 + w^2 = m$.


3. Verify Theorem 8.7 for $u$ = 2, 11, 17, 26, 35, 41, 51, 59.


APPENDIX A
$\Delta = b^2 - 4ac$*


BY JEAN-PIERRE SERRE
Collège de France


The formula of the title is of course familiar; it is the discriminant of the
quadratic polynomial $ax^2 + bx + c$.

The problem I want to discuss today is: Given an integer $\Delta$, what are the
possible polynomials $ax^2 + bx + c$, with integer coefficients $a, b, c$, for which
$b^2 - 4ac$ is equal to $\Delta$? Can we classify them?

This problem has a long history, going as far back as Gauss (circa 1800); it
is not solved yet, but there have been quite exciting new results recently, as I
hope to show you.

Notice first that there is an obvious necessary condition on $\Delta$; namely $\Delta$
should be congruent to a square mod 4, i.e.,

$$\Delta \equiv 0, 1 \pmod 4.$$

Conversely, if this congruence holds, it is easy to find $a, b, c \in \mathbf{Z}$ with
$\Delta = b^2 - 4ac$ (exercise). This settles the question of the existence of the
solutions of our problem; it remains only (!) to classify them. For instance, are
there some $\Delta$s for which there is a unique solution?

In this crude form, the answer is obviously “no.” Indeed, the transformation
$x \mapsto x + 1$ leaves $\Delta$ invariant, but changes $(a, b, c)$ to $(a, b + 2a, a + b + c)$.
Thus, we should consider two quadratic polynomials as equivalent if
they differ by $x \mapsto x + 1$, or more generally, by $x \mapsto x + n$ ($n \in \mathbf{Z}$). But this
is not enough: There are other possible transformations. To see them, it is
better to use a homogeneous notation and to write our quadratic polynomials
as $ax^2 + bxy + cy^2$. The transformation $x \mapsto x + 1$ becomes $(x, y) \mapsto (x + y, y)$, which
we may write as a matrix $S = \begin{pmatrix} 1 & 1 \\ 0 & 1 \end{pmatrix}$. Since now $x$ and $y$ play symmetric
roles, we should introduce as well the matrix $T = \begin{pmatrix} 1 & 0 \\ 1 & 1 \end{pmatrix}$, which corresponds
to the transformation $(x, y) \mapsto (x, x + y)$. And, since we can compose transformations,
we should consider the group generated by $S$ and $T$, which happens to be the
group $SL_2(\mathbf{Z})$ of two-by-two matrices with integral coefficients and
determinant 1.

*Lecture organized jointly by the Singapore Mathematical Society and the Department of
Mathematics, National University of Singapore, and delivered on 14 February 1985. Notes taken
by Daniel E. Flath.

Now our problem may be reformulated as follows:

Given an integer $\Delta$, with $\Delta \equiv 0, 1 \pmod 4$, classify the $SL_2(\mathbf{Z})$ equivalence
classes of quadratic forms $ax^2 + bxy + cy^2$, with $a, b, c \in \mathbf{Z}$ and $b^2 - 4ac = \Delta$.

For the rest of this talk, we will consider only the case where $\Delta$ is < 0, i.e.,
equations $ax^2 + bx + c = 0$ with no real root. (The case of a positive $\Delta$ is
equally interesting, but quite different, and there has been little progress on it
since Gauss.) This restriction to negative $\Delta$s forces $a$ and $c$ to have the same
sign. For convenience, we will always take them positive, and we will denote
by $h(\Delta)$ the number of such forms, modulo $SL_2(\mathbf{Z})$ equivalence; we shall see
below that this number is finite.

Consider a form $ax^2 + bxy + cy^2$, with $a, c > 0$, and $b^2 - 4ac = \Delta$, with
$\Delta < 0$. We say that such a form is almost reduced if $a \le c$ and $|b| \le a$. Any
form can be transformed into an almost reduced one by an element of $SL_2(\mathbf{Z})$.
Indeed, we can arrange that $a \le c$ by applying the transformation $\begin{pmatrix} 0 & -1 \\ 1 & 0 \end{pmatrix}$ in
case $c < a$ and we can ensure that $|b| \le a$ by applying some shift $\begin{pmatrix} 1 & n \\ 0 & 1 \end{pmatrix}$,
which leaves $a$ invariant and replaces $b$ by $b + 2an$. If this destroys the
inequality $a \le c$, we apply again $\begin{pmatrix} 0 & -1 \\ 1 & 0 \end{pmatrix}$ and so on. It is easily checked that
this process comes to a stop after finitely many steps and gives an almost
reduced form.


Theorem. The number of almost reduced forms with given discriminant
$\Delta < 0$ is finite.


Proof. If $ax^2 + bxy + cy^2$ is almost reduced, we have

$$4a^2 \le 4ac = b^2 - \Delta \le a^2 - \Delta,$$

hence $3a^2 \le -\Delta$; this shows that $a$ can take only finitely many values. The
same is true for $b$ since $|b| \le a$, and $c$ is determined by $a$, $b$, and $\Delta$. ∎


Corollary. $h(\Delta)$ is finite.

Figure A1


To go further, we need to investigate whether every $SL_2(\mathbf{Z})$ equivalence
class contains a unique almost reduced form. It turns out that this is nearly
always true. I want to explain the exceptions by using a picture in the complex
plane: Write $ax^2 + bxy + cy^2$ as $a(x + \tau y)(x + \bar\tau y)$ with some complex
number $\tau$. We may assume that $\operatorname{Im} \tau > 0$ since $\tau$ and $\bar\tau$ play symmetric roles.
The condition $|b| \le a$ is equivalent to $|\tau + \bar\tau| \le 1$, that is $|\operatorname{Re} \tau| \le \frac{1}{2}$. The
condition $a \le c$ translates to $\tau\bar\tau \ge 1$, that is $|\tau| \ge 1$. In other words,
$ax^2 + bxy + cy^2$ is almost reduced precisely when $\tau$ lies in the famous shaded region
pictured (boundary included) in Figure A1.

The exceptions mentioned come from the boundary. The transformation
$S = \begin{pmatrix} 1 & 1 \\ 0 & 1 \end{pmatrix}$ changes $\tau$ to $\tau + 1$ relating two points on the vertical boundaries.
The transformation $R = \begin{pmatrix} 0 & -1 \\ 1 & 0 \end{pmatrix}$ relates two symmetric points $\tau$ and
$-1/\tau = -\bar\tau$ on the boundary arc.


Figure A2

To get rid of the redundant almost reduced forms we throw away half the
boundary. Namely:


Definition. $ax^2 + bxy + cy^2 = a(x + \tau y)(x + \bar\tau y)$ is reduced if $\tau$ lies in the
region pictured in Figure A3:


Figure A3


Equivalently, if $|b| \le a \le c$ and in case $a = |b|$, then $b = a$ and in case $a = c$,
then $b \ge 0$.

This definition has been made just so that there is a unique reduced form in
each $SL_2(\mathbf{Z})$ equivalence class. Hence $h(\Delta)$ is the number of reduced forms
with discriminant $\Delta$. This leads to a procedure for calculating $h(\Delta)$ for a given
$\Delta$, namely listing all reduced forms as in Table A1. (The proof of the finiteness
of $h(\Delta)$ given above shows how to make this list.)

Notice that the forms $2(x^2 + xy + y^2)$ and $2(x^2 + y^2)$ of discriminants
−12 and −16 are multiples of forms that appear earlier in the table under
$\Delta = -3, -4$. To avoid this multiple listing we modify the game. Define a
form $ax^2 + bxy + cy^2$ to be primitive if $a$, $b$, and $c$ have no common factor
greater than 1, and define $h(\Delta)$, the class number of $\Delta$, to be the number of
primitive reduced forms of discriminant $\Delta$. It was a remarkable discovery of
Gauss that the set $C_\Delta$ of primitive reduced forms of discriminant $\Delta$ is an
abelian group in a natural way, but we shall not go into that here.*


*Call $R_\Delta$ the ring $\mathbf{Z}[\frac{1}{2}\sqrt{\Delta}]$ if $\Delta \equiv 0 \pmod 4$ and the ring $\mathbf{Z}[(1 + \sqrt{\Delta})/2]$ if $\Delta \equiv 1 \pmod 4$. Then $C_\Delta$
is isomorphic with the “class group” $\mathrm{Pic}(R_\Delta)$ of $R_\Delta$. When $\Delta$ is a fundamental discriminant, then
$R_\Delta$ is the ring of integers of the quadratic field $\mathbf{Q}(\sqrt{\Delta})$, and $h(\Delta)$ is the class number of that field.

TABLE A1

Δ      h(Δ)   Reduced Forms of Discriminant Δ
−3     1      x² + xy + y²
−4     1      x² + y²
−7     1      x² + xy + 2y²
−8     1      x² + 2y²
−11    1      x² + xy + 3y²
−12    2      x² + 3y²         2(x² + xy + y²)
−15    2      x² + xy + 4y²    2x² + xy + 2y²
−16    2      x² + 4y²         2(x² + y²)
−19    1      x² + xy + 5y²
−20    2      x² + 5y²         2x² + 2xy + 3y²
−23    3      x² + xy + 6y²    2x² − xy + 3y²    2x² + xy + 3y²

TABLE A2

Δ      −3    −4    −7    −8    −11   −12   −15   −16   −19   −20
h(Δ)   1     1     1     1     1     1     2     1     1     2
Δ      −23   −31   −43   −47   −59   −67   −71   −79   −83   −163
h(Δ)   3     3     1     5     2     1     7     5     3     1


With computer assistance these tables have now been extended into the 
millions. 
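
The listing procedure described above, together with the two reduction moves (shift and swap) used earlier to reach an almost reduced form, fits in a short program. The following Python sketch is an added example, not part of the lecture; the function names are chosen here. It also compares the resulting class numbers with the count of Theorem 8.7 in Section 8, going beyond the tables themselves.

```python
from math import gcd, isqrt


def reduce_form(a, b, c):
    """Reduce the positive definite form ax^2 + bxy + cy^2 by shifts and swaps."""
    if a <= 0 or b * b - 4 * a * c >= 0:
        raise ValueError("expected a > 0 and negative discriminant")
    while True:
        # Shift x -> x + n*y: a is unchanged, b becomes b + 2an, landing in (-a, a].
        n = (a - b) // (2 * a)
        b, c = b + 2 * a * n, a * n * n + b * n + c
        if a > c or (a == c and b < 0):
            # Swap (x, y) -> (-y, x): [a, b, c] becomes [c, -b, a].
            a, b, c = c, -b, a
        else:
            return a, b, c


def reduced_forms(D):
    """All reduced forms (a, b, c) of discriminant D < 0, primitive or not."""
    if D >= 0 or D % 4 not in (0, 1):
        raise ValueError("expected D < 0 with D = 0 or 1 (mod 4)")
    forms = []
    for a in range(1, isqrt(-D // 3) + 1):      # 3a^2 <= -D
        for b in range(-a + 1, a + 1):          # |b| <= a, and b = a when |b| = a
            if (b * b - D) % (4 * a):
                continue
            c = (b * b - D) // (4 * a)
            if c < a or (c == a and b < 0):     # a <= c, and b >= 0 when a = c
                continue
            forms.append((a, b, c))
    return forms


def class_number(D):
    """h(D): the number of primitive reduced forms of discriminant D."""
    return sum(1 for (a, b, c) in reduced_forms(D) if gcd(gcd(a, b), c) == 1)


def primitive_three_square_count(u):
    """Number of (x, y, z) with x^2 + y^2 + z^2 = u and GCD(x, y, z) = 1."""
    r, count = isqrt(u), 0
    for x in range(-r, r + 1):
        for y in range(-r, r + 1):
            rest = u - x * x - y * y
            if rest < 0:
                continue
            z = isqrt(rest)
            if z * z == rest and gcd(gcd(x, y), z) == 1:
                count += 1 if z == 0 else 2     # z and -z
    return count


def gauss_count(u):
    """Right-hand side of Theorem 8.7."""
    if u % 4 in (1, 2):
        return 12 * class_number(-4 * u)
    if u % 8 == 3:
        return 24 * class_number(-u)
    return 0


if __name__ == "__main__":
    for D in (-3, -4, -7, -8, -11, -12, -15, -16, -19, -20, -23):
        print(D, len(reduced_forms(D)), class_number(D), reduced_forms(D))
    print(reduce_form(41, 1, 1), reduce_form(6, 5, 2))
    for u in (2, 11, 17, 26, 35):
        print(u, primitive_three_square_count(u), gauss_count(u))
```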

Looking at the tables one finds that the values $h(\Delta)$ are very irregular, but
that with large $|\Delta|$, $h(\Delta)$ tends to be large as well. It has been a fundamental
problem to make this last observation precise.

For technical reasons we restrict our consideration for the rest of this talk
to the so-called “fundamental discriminants.” A discriminant $\Delta$ is fundamental
if it cannot be written $\Delta = \Delta_0 f^2$ with $\Delta_0$ a discriminant (i.e., congruent to
0 or 1 mod 4) and $f$ an integer greater than 1. For instance, −12 and −16 are
not fundamental. This restriction is not serious because it is known how to
compute all $h(\Delta)$ from the values for fundamental discriminants $\Delta$ alone.

The fundamental discriminants $\Delta < 0$ with class number $h(\Delta) = 1$ are
especially interesting: They are those for which our original problem (find the
quadratic equations with a given $\Delta$) has an essentially unique solution. One
finds easily 9 of them: $\Delta$ = −3, −4, −7, −8, −11, −19, −43, −67, −163.
Around 1800, Gauss conjectured that there are no more. As we shall see, this
is true (but it took more than 150 years to prove).

These discriminants $\Delta$ with $h(\Delta) = 1$ have remarkable properties. Let me
illustrate with the case $\Delta = -163$.

In 1772, Euler (Mémoires de l’Académie de Berlin, extrait d’une lettre à
M. Bernoulli) discovered a curious property of the polynomial

$x^2 + x + 41$ (with discriminant $\Delta = -163$).

Namely, if you look at the table of its values for $x = 0, 1, \ldots$,

x             0    1    2    3    4    5    6    7    ···   39
x² + x + 41   41   43   47   53   61   71   83   97   ···   1601

you find only prime numbers, up to $x = 39$ (but $x = 40$ fails, since
$40^2 + 40 + 41 = 41^2$)! The fact that this polynomial yields so many primes is equivalent
to the equality $h(-163) = 1$. Indeed the following theorem is not hard to
prove, using elementary properties of imaginary quadratic fields:


Theorem. For a prime number $p$ that is greater than 3 and congruent to 3
mod 4, the following three properties are equivalent:
a. $h(-p) = 1$.
b. $x^2 + x + (p + 1)/4$ is a prime number for every integer $x$ such that
$0 \le x \le (p - 7)/4$.
c. $x^2 + x + (p + 1)/4$ is prime for $0 \le x \le (\sqrt{p/3} - 1)/2$.


(For a proof of the equivalence (b) and (c), see, e.g., G. Frobenius, Gesammelte
Abhandlungen II, no. 94.)

This applies to $p = 163$: By (c), it suffices to check that $x^2 + x + 41$ is
prime for $x = 0, 1, 2, 3$; this implies it will be so up to $x = 39$.

There are other interesting facts about 163 that are related to $h(-163) = 1$.
Consider for instance the transcendental number

$$e^{\pi\sqrt{163}} = 262537412640768743.99999999999925007\ldots.$$

That it is so close to being an integer can be proved a priori from $h(-163) = 1$!


[Sketch of Proof. One computes the value of the elliptic modular function
$j(z)$ for $z = (1 + i\sqrt{163})/2$; using $h(-163) = 1$, one proves that $j(z)$ is an
ordinary integer. On the other hand, the power series expansion for $j(z)$ gives:

$$j(z) = e^{-2\pi i z} + 744 + 196884\,e^{2\pi i z} + \cdots = -e^{\pi\sqrt{163}} + 744 - 196884\,e^{-\pi\sqrt{163}} + \cdots,$$

an expression in which all terms but the first two give a very small contribution
(less than $10^{-12}$). Hence $e^{\pi\sqrt{163}}$ is close to an integer.]


For these and other reasons, there is great interest in determining all
negative fundamental discriminants $\Delta$ with class number $h(\Delta) = 1$ (or 2 or 3
or ...).

In the remainder of the talk I will review the work that has been done on
this problem, some of it quite recent, some of it still in progress.

The tables suggest that the class number $h(\Delta)$ is roughly of the order of
magnitude of $|\Delta|^{1/2}$. One can in fact prove readily that $h(\Delta) < 3|\Delta|^{1/2}\log|\Delta|$.

But we really want a lower bound for $h$, since we want to show that for
large discriminants $\Delta$, $h(\Delta)$ must be large as well.

Work of Gronwall in 1913 and Landau in 1918 showed that if the zeta
function of $\mathbf{Q}(\sqrt{\Delta})$ has no zero between $\frac{1}{2}$ and 1, then $h(\Delta) > C|\Delta|^{1/2}/\log|\Delta|$
for a constant $C$ which can in principle be computed. Unfortunately, the
hypothesis on the zeta function has never been proved (it is a special case of
GRH, the Generalized Riemann Hypothesis).

In 1934, Heilbronn completed some previous work of Deuring and proved
that $\lim h(\Delta) = \infty$ when $\Delta \to -\infty$. This was soon sharpened by Siegel
(1936), who showed that for every $\varepsilon > 0$, there exists a positive constant $C_\varepsilon$
such that $h(\Delta) > C_\varepsilon|\Delta|^{1/2 - \varepsilon}$. In other words, the growth rate of $h(\Delta)$ is
exactly as expected.

However, Siegel’s proof gives less than might be hoped for: It is not
“effective” (in plain English, the constant $C_\varepsilon$ cannot be computed). The reason
for this is interesting. One would like to prove that if a discriminant $\Delta$ is very
large,* then $h(\Delta)$ cannot be too small. One does not know how to do that.
What Siegel’s proof shows, instead, is that the existence of two large discriminants
$\Delta$ and $\Delta'$ with both $h(\Delta)$ and $h(\Delta')$ suitably small leads to a contradiction.
This allows $h(\Delta)$ to be small for one large $\Delta$, which is one too many!

For instance, it follows from Siegel’s work that there is at most one
fundamental discriminant $\Delta_{10}$ with class number 1 beyond the 9 previously
listed as already known to Gauss. The question of the existence of $\Delta_{10}$
attained notoriety as the “problem of the tenth imaginary quadratic field.”

The next progress came in 1952 when Heegner published a proof that $\Delta_{10}$
does not exist. However, this proof used properties of modular functions that
he stated without enough justification. People could not understand his work
and did not believe it (I tried myself once to follow his arguments, but got
nowhere...). Hence, the question of the existence of $\Delta_{10}$ was still considered
open.


*I call a negative discriminant “large” when its absolute value is large.

In 1966, Stark studied $\Delta_{10}$ in his thesis, and proved that, if it exists, it is
very large: $|\Delta_{10}| >$ 107°. The following year, he succeeded in proving that
$\Delta_{10}$ does not exist, thus settling the class number 1 problem. His method
looked at first quite different from Heegner’s; it turned out later that the two
methods are closely related (and that Heegner’s approach was basically
correct, after all).

The same year, A. Baker also gave a solution of the class number 1
problem, by using his effective bounds for linear forms in logarithms of
algebraic numbers.

With some work (by Baker himself and by Stark and Montgomery-Weinberger),
this method could also be applied to $h(\Delta) = 2$, and yielded the fact
that there are exactly 18 negative fundamental discriminants of class number
2, the largest being −427.

However, neither Stark’s method nor Baker’s applied to the problem of
class number 3 or more.

To go further, we must now introduce some new objects. Recall that an
elliptic curve $E$ over $\mathbf{Q}$ is a nonsingular cubic

$$y^2 = x^3 + ax + b, \quad \text{with } a, b \in \mathbf{Q} \text{ and } 4a^3 + 27b^2 \ne 0.$$

To such a curve is attached a wonderful (and mysterious) analytic function
$L_E(s)$, which is called its $L$ series; it is conjectured to extend analytically to
the whole $\mathbf{C}$ plane, to have a functional equation similar to the one of the
Riemann zeta function (but with respect to $s \mapsto 2 - s$), etc.

This seems to have nothing to do with $h(\Delta)$. However, in 1976, Goldfeld
made a startling discovery. He proved that the existence of a single elliptic
curve $E$ over $\mathbf{Q}$ for which $L_E(s)$ satisfies the preceding conjectures and has a
zero at $s = 1$ with multiplicity at least 3 implies

$$h(\Delta) \ge C_E \log|\Delta|$$

for all* $\Delta$s, with a positive $C_E$ that is effectively computable. (How can a
hypothesis on some elliptic curve imply anything about $h(\Delta)$? Well, it is one
of the many mysteries of number theory....)

Goldfeld’s theorem tells us that if we can find an elliptic curve $E$ with the
required properties, then $h(\Delta)$ goes to infinity effectively as $\Delta \to -\infty$. There
remains the task of finding such a curve.

There are some elliptic curves, derived from modular forms and called
“Weil curves,” for which the holomorphy of the $L$ series and the functional
equation are known. If we choose for $E$ such a curve, the only further
property that is needed is that $L_E(s)$ vanish at $s = 1$ with multiplicity 3 or
more. The “Birch and Swinnerton-Dyer conjecture” predicts when this should
happen, namely, when the rank of the group $E(\mathbf{Q})$ of rational points of $E$ is
$\ge 3$. It is easy to find such curves $E$. One then has to prove

$$L_E(1) = 0, \quad L_E'(1) = 0, \quad L_E''(1) = 0.$$

*This is correct only when $h(\Delta)$ is odd; the general statement is slightly different, see, e.g., [1].

Using the functional equation of $L_E$ (which can be fixed to have a minus sign),
this reduces to proving that $L_E'(1) = 0$. But how does one show this? Of
course, a computer can check that

$$L_E'(1) = 0.0000000000\ldots$$

accurate to say 10 decimal places. But that is not good enough: The theorem
requires $L_E'(1)$ to be exactly 0.

No way around that difficulty was found for about 7 years, and as a
consequence, Goldfeld’s method could not be applied.

The next progress came in 1983, when Gross and Zagier found a closed
formula for $L_E'(1)$. Using it, they were able to find a Weil curve $E$ satisfying
all of Goldfeld’s hypotheses. The corresponding constant $C_E$ has been computed
by Oesterlé, and found to be equal to 1/7000.

To see concretely what this means, let us apply it to the problem of
determining the $\Delta$s with $h(\Delta) = 3$. Goldfeld’s bound gives $|\Delta| <$ e710 <
107°. We are thus left with only a finite set of $\Delta$s to investigate. Unfortunately,
that set is too large.

If the bound 10” could be brought down to 107°, one could apply a
result of Montgomery-Weinberger saying that, in that range, the largest
negative $\Delta$ with $h(\Delta) = 3$ is $\Delta = -907$. (Extending the Montgomery-Weinberger
method is certainly possible, but would require a lot of computer work.)

Luckily, there are better elliptic curves than the one used by Gross-Zagier.
Recently,* Mestre has investigated the rank 3 curve

$$y^2 + y = x^3 - 7x + 6.$$

He has been able to show that it is a Weil curve (this required computer work,
too; see a recent note of his, Comptes Rendus de l’Académie des Sciences),
and, by using the Gross-Zagier theorem, that its $L$ series has a triple zero at
$s = 1$. The corresponding $C_E$ turns out to be > 1/55. For $h(\Delta) = 3$, this
gives

$|\Delta| <$ el < 10”,

which is much below Montgomery-Weinberger’s 107°. The class number 3
problem is thus solved. No doubt the same method will work for other small
class numbers, up to 100, say.

*This work of Mestre was completed shortly after my Singapore lecture (February 1985).

Of course this is not the end of the story. We would like to have effective
lower bounds for $h(\Delta)$ of the size of some power of $|\Delta|$, rather than in $\log|\Delta|$.
But how to get them? Will we have to wait until GRH is proved? It may take a
while....

APPENDIX B
Tables


TABLE B1 The prime numbers < 10007. 

     2     3     5     7    11    13    17    19    23    29
    31    37    41    43    47    53    59    61    67    71
    73    79    83    89    97   101   103   107   109   113
   127   131   137   139   149   151   157   163   167   173
   179   181   191   193   197   199   211   223   227   229
   233   239   241   251   257   263   269   271   277   281
   283   293   307   311   313   317   331   337   347   349
   353   359   367   373   379   383   389   397   401   409
   419   421   431   433   439   443   449   457   461   463
   467   479   487   491   499   503   509   521   523   541
   547   557   563   569   571   577   587   593   599   601
   607   613   617   619   631   641   643   647   653   659
   661   673   677   683   691   701   709   719   727   733
   739   743   751   757   761   769   773   787   797   809
   811   821   823   827   829   839   853   857   859   863
   877   881   883   887   907   911   919   929   937   941
   947   953   967   971   977   983   991   997  1009  1013
  1019  1021  1031  1033  1039  1049  1051  1061  1063  1069
  1087  1091  1093  1097  1103  1109  1117  1123  1129  1151
  1153  1163  1171  1181  1187  1193  1201  1213  1217  1223
  1229  1231  1237  1249  1259  1277  1279  1283  1289  1291
  1297  1301  1303  1307  1319  1321  1327  1361  1367  1373
  1381  1399  1409  1423  1427  1429  1433  1439  1447  1451
  1453  1459  1471  1481  1483  1487  1489  1493  1499  1511
  1523  1531  1543  1549  1553  1559  1567  1571  1579  1583
  1597  1601  1607  1609  1613  1619  1621  1627  1637  1657
  1663  1667  1669  1693  1697  1699  1709  1721  1723  1733
  1741  1747  1753  1759  1777  1783  1787  1789  1801  1811
  1823  1831  1847  1861  1867  1871  1873  1877  1879  1889
  1901  1907  1913  1931  1933  1949  1951  1973  1979  1987
  1993  1997  1999  2003  2011  2017  2027  2029  2039  2053
  2063  2069  2081  2083  2087  2089  2099  2111  2113  2129
  2131  2137  2141  2143  2153  2161  2179  2203  2207  2213
  2221  2237  2239  2243  2251  2267  2269  2273  2281  2287
  2293  2297  2309  2311  2333  2339  2341  2347  2351  2357
  2371  2377  2381  2383  2389  2393  2399  2411  2417  2423
  2437  2441  2447  2459  2467  2473  2477  2503  2521  2531
  2539  2543  2549  2551  2557  2579  2591  2593  2609  2617
  2621  2633  2647  2657  2659  2663  2671  2677  2683  2687
  2689  2693  2699  2707  2711  2713  2719  2729  2731  2741
  2749  2753  2767  2777  2789  2791  2797  2801  2803  2819
  2833  2837  2843  2851  2857  2861  2879  2887  2897  2903
  2909  2917  2927  2939  2953  2957  2963  2969  2971  2999
  3001  3011  3019  3023  3037  3041  3049  3061  3067  3079
  3083  3089  3109  3119  3121  3137  3163  3167  3169  3181
  3187  3191  3203  3209  3217  3221  3229  3251  3253  3257
  3259  3271  3299  3301  3307  3313  3319  3323  3329  3331
  3343  3347  3359  3361  3371  3373  3389  3391  3407  3413
  3433  3449  3457  3461  3463  3467  3469  3491  3499  3511
  3517  3527  3529  3533  3539  3541  3547  3557  3559  3571
  3581  3583  3593  3607  3613  3617  3623  3631  3637  3643
  3659  3671  3673  3677  3691  3697  3701  3709  3719  3727
  3733  3739  3761  3767  3769  3779  3793  3797  3803  3821
  3823  3833  3847  3851  3853  3863  3877  3881  3889  3907
  3911  3917  3919  3923  3929  3931  3943  3947  3967  3989
  4001  4003  4007  4013  4019  4021  4027  4049  4051  4057
  4073  4079  4091  4093  4099  4111  4127  4129  4133  4139
  4153  4157  4159  4177  4201  4211  4217  4219  4229  4231
  4241  4243  4253  4259  4261  4271  4273  4283  4289  4297
  4327  4337  4339  4349  4357  4363  4373  4391  4397  4409
  4421  4423  4441  4447  4451  4457  4463  4481  4483  4493
  4507  4513  4517  4519  4523  4547  4549  4561  4567  4583
  4591  4597  4603  4621  4637  4639  4643  4649  4651  4657
  4663  4673  4679  4691  4703  4721  4723  4729  4733  4751
  4759  4783  4787  4789  4793  4799  4801  4813  4817  4831
  4861  4871  4877  4889  4903  4909  4919  4931  4933  4937
  4943  4951  4957  4967  4969  4973  4987  4993  4999  5003
  5009  5011  5021  5023  5039  5051  5059  5077  5081  5087
  5099  5101  5107  5113  5119  5147  5153  5167  5171  5179
  5189  5197  5209  5227  5231  5233  5237  5261  5273  5279
  5281  5297  5303  5309  5323  5333  5347  5351  5381  5387
  5393  5399  5407  5413  5417  5419  5431  5437  5441  5443
  5449  5471  5477  5479  5483  5501  5503  5507  5519  5521
  5527  5531  5557  5563  5569  5573  5581  5591  5623  5639
  5641  5647  5651  5653  5657  5659  5669  5683  5689  5693
  5701  5711  5717  5737  5741  5743  5749  5779  5783  5791
  5801  5807  5813  5821  5827  5839  5843  5849  5851  5857
  5861  5867  5869  5879  5881  5897  5903  5923  5927  5939
  5953  5981  5987  6007  6011  6029  6037  6043  6047  6053
  6067  6073  6079  6089  6091  6101  6113  6121  6131  6133
  6143  6151  6163  6173  6197  6199  6203  6211  6217  6221
  6229  6247  6257  6263  6269  6271  6277  6287  6299  6301
  6311  6317  6323  6329  6337  6343  6353  6359  6361  6367
  6373  6379  6389  6397  6421  6427  6449  6451  6469  6473
  6481  6491  6521  6529  6547  6551  6553  6563  6569  6571
  6577  6581  6599  6607  6619  6637  6653  6659  6661  6673
  6679  6689  6691  6701  6703  6709  6719  6733  6737  6761
  6763  6779  6781  6791  6793  6803  6823  6827  6829  6833
  6841  6857  6863  6869  6871  6883  6899  6907  6911  6917
  6947  6949  6959  6961  6967  6971  6977  6983  6991  6997
  7001  7013  7019  7027  7039  7043  7057  7069  7079  7103
  7109  7121  7127  7129  7151  7159  7177  7187  7193  7207
  7211  7213  7219  7229  7237  7243  7247  7253  7283  7297
  7307  7309  7321  7331  7333  7349  7351  7369  7393  7411
  7417  7433  7451  7457  7459  7477  7481  7487  7489  7499
  7507  7517  7523  7529  7537  7541  7547  7549  7559  7561
  7573  7577  7583  7589  7591  7603  7607  7621  7639  7643
  7649  7669  7673  7681  7687  7691  7699  7703  7717  7723
  7727  7741  7753  7757  7759  7789  7793  7817  7823  7829
  7841  7853  7867  7873  7877  7879  7883  7901  7907  7919
  7927  7933  7937  7949  7951  7963  7993  8009  8011  8017
  8039  8053  8059  8069  8081  8087  8089  8093  8101  8111
  8117  8123  8147  8161  8167  8171  8179  8191  8209  8219
  8221  8231  8233  8237  8243  8263  8269  8273  8287  8291
  8293  8297  8311  8317  8329  8353  8363  8369  8377  8387
  8389  8419  8423  8429  8431  8443  8447  8461  8467  8501
  8513  8521  8527  8537  8539  8543  8563  8573  8581  8597
  8599  8609  8623  8627  8629  8641  8647  8663  8669  8677
  8681  8689  8693  8699  8707  8713  8719  8731  8737  8741
  8747  8753  8761  8779  8783  8803  8807  8819  8821  8831
  8837  8839  8849  8861  8863  8867  8887  8893  8923  8929
  8933  8941  8951  8963  8969  8971  8999  9001  9007  9011
  9013  9029  9041  9043  9049  9059  9067  9091  9103  9109
  9127  9133  9137  9151  9157  9161  9173  9181  9187  9199
  9203  9209  9221  9227  9239  9241  9257  9277  9281  9283
  9293  9311  9319  9323  9337  9341  9343  9349  9371  9377
  9391  9397  9403  9413  9419  9421  9431  9433  9437  9439
  9461  9463  9467  9473  9479  9491  9497  9511  9521  9533
  9539  9547  9551  9587  9601  9613  9619  9623  9629  9631
  9643  9649  9661  9677  9679  9689  9697  9719  9721  9733
  9739  9743  9749  9767  9769  9781  9787  9791  9803  9811
  9817  9829  9833  9839  9851  9857  9859  9871  9883  9887
  9901  9907  9923  9929  9931  9941  9949  9967  9973 10007
TABLE B2 Class numbers for negative discriminants. h = |Cℓ(Δ)|, the number of 
proper equivalence classes of primitive positive definite integral binary quadratic forms 
of discriminant Δ, where −1500 < Δ < −3. An asterisk (*) indicates that there is just 
one proper equivalence class in each genus for the given discriminant. 

    Δ     h        Δ     h        Δ     h        Δ     h

   −3*    1      −91*    2     −179     5     −267*    2
   −4*    1      −92     3     −180*    4     −268     3
   −7*    1      −95     8     −183     8     −271    11
   −8*    1      −96*    4     −184     4     −272     8
  −11*    1      −99*    2     −187*    2     −275     4
  −12*    1     −100*    2     −188     5     −276     8
  −15*    2     −103     5     −191    13     −279    12
  −16*    1     −104     6     −192*    4     −280*    4
  −19*    1     −107     3     −195*    4     −283     3
  −20*    2     −108     3     −196     4     −284     7
  −23     3     −111     8     −199     9     −287    14
  −24*    2     −112*    2     −200     6     −288*    4
  −27*    1     −115*    2     −203     4     −291     4
  −28*    1     −116     6     −204     6     −292     4
  −31     3     −119    10     −207     6     −295     8
  −32*    2     −120*    4     −208     4     −296    10
  −35*    2     −123*    2     −211     3     −299     8
  −36*    2     −124     3     −212     6     −300     6
  −39     4     −127     5     −215    14     −303    10
  −40*    2     −128     4     −216     6     −304     6
  −43*    1     −131     5     −219     4     −307     3
  −44     3     −132*    4     −220     4     −308     8
  −47     5     −135     6     −223     7     −311    19
  −48*    2     −136     4     −224     8     −312*    4
  −51*    2     −139     3     −227     5     −315*    4
  −52*    2     −140     6     −228*    4     −316     5
  −55     4     −143    10     −231    12     −319    10
  −56     4     −144     4     −232*    2     −320     8
  −59     3     −147*    2     −235*    2     −323     4
  −60*    2     −148*    2     −236     9     −324     6
  −63     4     −151     7     −239    15     −327    12
  −64*    2     −152     6     −240*    4     −328     4
  −67*    1     −155     4     −243     3     −331     3
  −68     4     −156     4     −244     6     −332     9
  −71     7     −159    10     −247     6     −335    18
  −72*    2     −160*    4     −248     8     −336     8
  −75*    2     −163*    1     −251     7     −339     6
  −76     3     −164     8     −252     4     −340*    4
  −79     5     −167    11     −255    12     −343     7
  −80     4     −168*    4     −256     4     −344    10
  −83     3     −171     4     −259     4     −347     5
  −84*    4     −172     3     −260     8     −348     6
  −87     6     −175     6     −263    13     −351    12
  −88*    2     −176     6     −264     8     −352*    4
TABLE B2 (Continued) 


Δ 


— 355 
— 356 
— 359 
— 360 
— 363 
— 364 
— 367 
— 368 
— 371 
— 372* 
— 375 
— 376 
— 379 
— 380 
— 383 
— 384 
— 387 
— 388 
— 391 
— 392 
— 395 
— 396 
— 399 
— 400 
— 403* 
— 404 
— 407 
— 408* 
— 411 
— 412 
— 415 
— 416 
— 419 
— 420* 
— 423 
— 424 
— 427* 
— 428 
— 431 
— 432 
— 435* 
— 436 
— 439 
— 440 
— 443 
— 444 
— 447 
— 448* 
TABLE B2 (Continued) 


20 
4 


— 999 
— 1000 
— 1003 
— 1004 
— 1007 
— 1008 
—1011 
— 1012* 
—1015 
— 1016 
—1019 
— 1020 
— 1023 
— 1024 


Δ 


— 1027 
— 1028 
— 1031 
— 1032 
— 1035 
— 1036 
— 1039 
— 1040 
— 1043 
— 1044 
— 1047 
— 1048 
—1051 
— 1052 
— 1055 
— 1056 
— 1059 
— 1060 
— 1063 
— 1064 
— 1067 
— 1068 
— 1071 
— 1072 
— 1075 
— 1076 
— 1079 
— 1080 
— 1083 
— 1084 
— 1087 
— 1088 
—1091 
— 1092* 
— 1095 
— 1096 
— 1099 
— 1100 
— 1103 
—1104 
—1107 
— 1108 
—1111 
—1112 
— 1115 
—1116 
—1119 
— 1120* 


TABLE B2 (Continued) 

     Δ     h

 −1123     5
 −1124    20
 −1127    24
 −1128     8
 −1131     8
 −1132     9
 −1135    18
 −1136    14
 −1139    16
 −1140    16
 −1143    20
 −1144    12
 −1147     6
 −1148    14
 −1151    41
 −1152     8
 −1155*    8
 −1156     8
 −1159    16
 −1160    20
 −1163     7
 −1164    12
 −1167    22
 −1168     8
 −1171     7
 −1172    18
 −1175    30
 −1176    12
 −1179    10
 −1180     8
 −1183    14
 −1184    20
 −1187     9
 −1188    12
 −1191    24
 −1192     6
 −1195     8
 −1196    24
 −1199    38
 −1200    12
 −1203     6
 −1204     8
 −1207    18
 −1208    12
 −1211    14
 −1212    10
 −1215    18
 −1216    12
TABLE B4 Class numbers for positive discriminants. h = |Cℓ(Δ)|, the number of 
proper equivalence classes of primitive integral binary quadratic forms of nonsquare 
discriminant Δ, where 5 < Δ < 1600. An asterisk (*) indicates that the norm of the 
fundamental unit of the Δ-order O_Δ equals −1. 


Introduction to Number Theory gives a modern presentation of Gauss’s classical 
theory of binary quadratic forms. The text stays close to the naive questions, 
which in number theory concern prime numbers and Diophantine equations. The 
emphasis here is on Diophantine equations, especially quadratic equations in 
two variables. The book culminates with Gauss’s work on sums of three squares, 
a topic rarely covered in number theory books of this level. 

Chapters treat prime numbers and unique factorization, sums of two squares, 
quadratic reciprocity, indefinite forms, and the class group and genera. 
Exercises that reinforce and extend the text are included throughout. An 
appendix by Jean-Pierre Serre discusses related current research. 

Introduction to Number Theory will prove a valuable resource for students, 
mathematicians, and researchers. 